It was the topic of much discussion... and it’s finally here. Since 25th May, the EU’s General Data Protection Regulation (GDPR) has applied directly to the UK, and it will be incorporated into UK law by the Data Protection Bill.
There have been a number of reported cases involving data breaches within local authorities due to employee actions. All of these led to fines for the offending authorities, but also had significant reputational impact.
Many of the headlines around the new rules have focused on these penalties, but the Information Commissioner’s Office has been working hard to convey that, whilst the fines for breaches will be significant, the key aim is to change culture and behaviour around data control and management.
The biggest change will be in accountability. Understanding how we store and share data, what our audit trails are and how we deal with inaccurate information will be the main focus. When we get it wrong, we will now be required to report a personal data breach that affects people’s rights and freedoms not later than 72 hours after having become aware of it. This will be no small task. A breach report will need to include the potential scope and cause of the breach.
All public authorities must designate a Data Protection Officer, but it is vital that everyone is involved in data management. Raising awareness of information security incident management policies, procedures and guidance, sharing lessons learned through briefings on incidents at their own or other organisations, and sending reminders through emails, intranet, newsletters and team meetings are all good examples of disseminating messages. And these need to be done regularly.
Alarm is committed to helping members work their way through the considerable task of GDPR compliance – including some reflection on the opportunities as well as the risks. As an example, better control of data can simplify and in some cases automate processes. This in turn could lead to better ways of using the data for service delivery and more effective engagement with the public.