EU general data protection regulation: the impact on English local authorities

The European Union (EU) General Data Protection Regulation (2016/679) will come into force in May 2018, and its expected impact on local authorities in the UK, specifically England, is explored. The key objectives are to identify how the changes to data protection legislation might impact on current compliance procedures and policies, and to suggest ways for English local authorities to minimise the risk of non-compliance with the new law by being better informed of the obligations the new rules impose on data controllers. The study provides a context for the political and legal background regarding data protection and compares previous and existing legislation to the GDP Regulation to evaluate the amount of change likely. It then examines the current compliance situation in local authorities, through studies conducted by the British Information Commissioner's Office. Major problems in some local authorities are identified, with breaches of the Data Protection Act resulting in considerable fines totalling millions of pounds. Findings indicate that, although principles of data protection will remain the same, the Regulation will introduce important changes requiring greater vigilance over compliance if fines are to be avoided. One change is the compulsory requirement to report data breaches, which could pose a serious problem in many local authorities. Just over one third reported never having had a breach; at best this means they have little experience of dealing with one, at worst there could be more fines to come. The new law imposes a change of direction, from educating organisations after a breach has occurred to requiring proof that they took adequate measures to avoid one. Recommendations include implementing clear policies, recording incidents, staff training and having full accountability throughout the organisation. To avoid further losses to public sector services it is essential that local authorities make the needed changes to meet the new law.