EU general data protection regulation: the impact on English local authorities

ADSHEAD, Deborah and SLACK, Frances (2017). EU general data protection regulation: the impact on English local authorities. In: 17th European Conference on Digital Government (ECDG 2017), Proceedings. Academic Conferences and Publishing International Limited, 1-9. [Book Section]

Documents
15431:144441
[thumbnail of Adshead and Slack - EU General Data Protection Regulation (AM).pdf]
Preview
PDF
Adshead and Slack - EU General Data Protection Regulation (AM).pdf - Accepted Version
Available under License All rights reserved.

Download (554kB) | Preview
Abstract
The European Union (EU) General Data Protection Regulation (2016/679) will come into force in May 2018, and its expected impact on local authorities in the UK, specifically England, is explored. The key objectives are to identify how the changes to data protection legislation might impact on current compliance procedures and policies, and to suggest ways for English local authorities to minimise the risk of non-compliance with the new law by being better informed of the obligations the new rules impose on data controllers. The study provides a context for the political and legal background regarding data protection and compares previous and existing legislation to the GDP Regulation to evaluate the amount of change likely. It then examines the current compliance situation in local authorities, through studies conducted by the British Information Commissioner's Office. Major problems in some local authorities are identified, with breaches of the Data Protection Act resulting in considerable fines totalling millions of pounds. Findings indicate that, although principles of data protection will remain the same, the Regulation will introduce important changes requiring greater vigilance over compliance if fines are to be avoided. One change is the compulsory requirement to report data breaches, which could pose a serious problem in many local authorities. Just over one third reported never having had a breach; at best this means they have little experience of dealing with one, at worst there could be more fines to come. The new law imposes a change of direction, from educating organisations after a breach has occurred to requiring proof that they took adequate measures to avoid one. Recommendations include implementing clear policies, recording incidents, staff training and having full accountability throughout the organisation. To avoid further losses to public sector services it is essential that local authorities make the needed changes to meet the new law.
More Information
Statistics

Downloads

Downloads per month over past year

View more statistics

Metrics

Altmetric Badge

Dimensions Badge

Share
Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Actions (login required)

View Item View Item