A freedom of information (FOI) request by M-Files Corporation, the intelligent information management company, has revealed that the vast majority of UK boroughs have not yet allocated budget towards meeting the various requirements of the General Data Protection Regulation (GDPR), despite the regulation being less than a year from its formal introduction in May 2018.
This means that local authorities are at huge risk of non-compliance if the problem is not urgently addressed.
M-Files sent FOI requests to all 32 London boroughs and 44 other local authorities distributed evenly throughout the country, asking a series of questions regarding GDPR preparedness. The results revealed that 76 per cent of London councils have not yet allocated budget towards making provisions to ensure compliance with GDPR, with the same figure for the rest of the country standing at 89 per cent (averaging 82 per cent). Additionally, 56 per cent of the local authorities contacted have still not appointed a Data Protection Officer, despite this being stipulated as a requirement by GDPR.
Julian Cook, Vice President of UK Business at M-Files, believes that these findings point to a serious lack of awareness of the importance of GDPR and the challenges it will pose for local government. He said: "GDPR will come into force on 25 May next year, which doesn't leave very much time at all. At this stage we would have expected local authorities to be further along in their preparation efforts, but the data demonstrates that this is far from the case. Inadequate preparation for GDPR will have serious financial implications if these boroughs ultimately do not comply with the new rules."
For Cook, it is essential that data management be raised to the top of the agenda for local government organisations if they want to avoid facing hefty fines. He continued: "It is clear that local authorities face a constant struggle to manage a series of diverse responsibilities, often having to work with limited budget and resources. Effective data management is often one of the most labour-intensive of these challenges, with local authorities tasked with administering and protecting ever-increasing amounts of sensitive data, such as personally identifiable information (PII). However, the rules of GDPR are non-negotiable, so there needs to be a concerted effort over the coming months to make the necessary preparations for its introduction. This isn't just the responsibility of IT experts – it's about making sure that local authorities have the funds and resources to prioritise this, and that decision-makers outside of the IT department are aware of what needs to be done."
To assist boroughs in freeing up all-important resources to devote to GDPR preparation, Cook believes that a key focus should be on implementing technology solutions that streamline the management of personal data.
Cook concluded: "Implementing intelligent information management systems enables local authorities to not only gain a much greater control over the personally identifiable information they collect and store, but also that they can prove to auditors that indeed they are following GDPR requirements to do so. By bringing such a solution into play, boroughs can free up time to turn their attention towards catching up regarding GDPR."