
ICO: Councils ‘Have Work To Do’ Ahead Of GDPR

The Information Commissioner’s Office (ICO) has found “concerning” shortcomings in local councils’ work on data protection ahead of the implementation of the strict General Data Protection Regulation (GDPR) next year.

The findings of a survey conducted late last year, and published this week, show councils have work to do before the new rules come into force in the UK on 25 May 2018, the ICO said.

Lack of data protection training

The study found 34 percent of councils don’t carry out privacy impact assessments (PIAs).

Since the GDPR requires that they do so in certain circumstances, councils would do best to produce their own PIA process and accompanying guidance, so that privacy issues are considered as part of projects.

The ICO found 37 percent of councils have no data sharing policy, while one-quarter don’t have a data protection officer. The upcoming regulations increase data sharing requirements to provide certain services, and require the role of data protection officer in public authorities.

“It was good to see that 93 percent of councils have a data protection and information security policy,” said audit group manager Anulka Clarke.

She said the ICO found it “concerning” that 18 percent of councils don’t have mandatory data protection training for staff, given that many of the information security incidents her office deals with are caused by staff not knowing what they need to do about data protection.

Overall, the findings show that “many councils have work to do”, Clarke said.

Fines to increase

The GDPR is to replace the Data Protection Act (DPA) 1998, and the government has confirmed the referendum to leave the EU will not affect the regulations’ implementation in the UK.

The new rules will, amongst other things, vastly increase the power of European data protection authorities to impose fines, with organisations facing penalties of up to 20 million euros, or 4 percent of their annual worldwide turnover, whichever is greater.

By contrast, the ICO can currently impose fines of up to only £500,000.

The Payment Card Industry Security Standards Council (PCI SSC) recently estimated fines paid to the European data protection regulator could rise from £1.4bn in 2015 to £122bn in 2018, a nearly 90-fold increase, based on breaches continuing at the same level.

Large organisations could face a total of £70bn in fines, or £11m on average, with smaller businesses seeing a 60-fold increase to £52bn, or £13,000 per fine on average, the PCI SSC estimated.

The ICO also said this week it fined Norfolk County Council £60,000 after social work case files were found in a cabinet purchased by a member of the public from a second-hand shop.

“Norfolk County Council appears to have overlooked the need to ensure it had robust measures in place to protect this information,” said ICO head of enforcement Steve Eckersley in a statement. “It should have had a written procedure in place which made it clear that any storage items removed from the office which may have contained personal were thoroughly checked before disposal.”


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
