EU general data protection regulation: the impact on English local authorities

ADSHEAD, Deborah and SLACK, Frances (2017). EU general data protection regulation: the impact on English local authorities. In: 17th European Conference on Digital Government (ECDG 2017), Proceedings. Academic Conferences and Publishing International Limited, 1-9.

Adshead and Slack - EU General Data Protection Regulation (AM).pdf - Accepted Version
All rights reserved.

Download (554kB) | Preview
Official URL:


The European Union (EU) General Data Protection Regulation (2016/679) will come into force in May 2018, and its expected impact on local authorities in the UK, specifically England, is explored. The key objectives are to identify how the changes to data protection legislation might impact on current compliance procedures and policies, and to suggest ways for English local authorities to minimise the risk of non-compliance with the new law by being better informed of the obligations the new rules impose on data controllers. The study provides a context for the political and legal background regarding data protection and compares previous and existing legislation to the GDP Regulation to evaluate the amount of change likely. It then examines the current compliance situation in local authorities, through studies conducted by the British Information Commissioner's Office. Major problems in some local authorities are identified, with breaches of the Data Protection Act resulting in considerable fines totalling millions of pounds. Findings indicate that, although principles of data protection will remain the same, the Regulation will introduce important changes requiring greater vigilance over compliance if fines are to be avoided. One change is the compulsory requirement to report data breaches, which could pose a serious problem in many local authorities. Just over one third reported never having had a breach; at best this means they have little experience of dealing with one, at worst there could be more fines to come. The new law imposes a change of direction, from educating organisations after a breach has occurred to requiring proof that they took adequate measures to avoid one. Recommendations include implementing clear policies, recording incidents, staff training and having full accountability throughout the organisation. To avoid further losses to public sector services it is essential that local authorities make the needed changes to meet the new law.

Item Type: Book Section
Additional Information: ISSN for conference series: 2049-9870. Paper originally presented at 17th European Conference on Digital Government 201, Lisbon, Portugal, 12-13 June 2017, organised by ACPI
Uncontrolled Keywords: data protection, data breaches, EU regulation, local government compliance, legal changes, sanctions
Research Institute, Centre or Group - Does NOT include content added after October 2018: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
Departments - Does NOT include content added after October 2018: Faculty of Science, Technology and Arts > Department of Computing
Page Range: 1-9
Depositing User: Frances Slack
Date Deposited: 12 Apr 2017 15:06
Last Modified: 18 Mar 2021 06:21

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics