The vast majority of UK boroughs have not yet allocated a budget towards meeting all the requirements of the General Data Protection Regulation (GDPR), finds a freedom of information (FOI) request by M-Files Corporation. Yet the regulation is being introduced in May 2018, less than a year from now.
Freedom of Information requests related to GDPR implementation were sent by M-Files to all 32 London boroughs and 44 other local authorities across the country.
The results: 76 per cent of London councils have not yet allocated budget towards making provisions to ensure compliance with GDPR, but for the rest of the country that number stands at 89 per cent (averaging 82 per cent).
Additionally, 56 per cent of the local authorities contacted have still not appointed a Data Protection Officer, despite this being stipulated as a requirement by GDPR.
Julian Cook, Vice President of UK Business at M-Files, believes that these findings point to a serious lack of awareness of the importance of GDPR and the challenges it will pose for local government. He said: “GDPR will come into force on 25 May next year, which doesn’t leave very much time at all. At this stage we would have expected local authorities to be further along in their preparation efforts, but the data demonstrates that this is far from the case. Inadequate preparation for GDPR will have serious financial implications if these boroughs ultimately do not comply with the new rules.”
For Cook, it is essential that data management be raised to the top of the agenda for local government organisations if they want to avoid facing hefty fines. He continued: “It is clear that local authorities face a constant struggle to manage a series of diverse responsibilities, often having to work with limited budget and resources. Effective data management is often one of the most labour-intensive of these challenges, with local authorities tasked with administering and protecting ever-increasing amounts of sensitive data, such as personally identifiable information (PII). However, the rules of GDPR are non-negotiable, so there needs to be a concerted effort over the coming months to make the necessary preparations for its introduction. This isn’t just the responsibility of IT experts – it’s about making sure that local authorities have the funds and resources to prioritise this, and that decision-makers outside of the IT department are aware of what needs to be done.”
To assist boroughs in freeing up all-important resources to devote to GDPR preparation, Cook believes that a key focus should be on implementing technology solutions that streamline the management of personal data.
Cook added: “Implementing intelligent information management systems enables local authorities to not only gain a much greater control over the personally identifiable information they collect and store, but also that they can prove to auditors that indeed they are following GDPR requirements to do so. By bringing such a solution into play, boroughs can free up time to turn their attention towards catching up regarding GDPR.”
The GDPR Summit London, the UK’s largest GDR Conference, is being held on January 30th. This one-day deep-dive event will explore the effects of the General Data Protection Regulation on business critical processes. Click here to learn more.