Issue - meetings

General Data Protection Regulations

 

 

Meeting: 10/01/2018 - Audit & Governance Committee (Item 7)

7 General Data Protection Regulations pdf icon PDF 155 KB

3.20pm

 

Report from the Director for Law and Governance and Monitoring Officer

 

On 25 May 2018 the European Union General Data Protection Regulation (GDPR) will come into effect and will replace the Data Protection Act 1998 (DPA).  Despite leaving the EU in 2019 the UK will still adopt the GDPR.

 

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the Data Protection Act came into force in 1998. Although the key principles of data privacy still hold true, the new regulation reflects advances in technology, and represents a step increase in responsibilities for safeguarding personal data, and maintaining audit trails of what has been done with personal information, when it was done and why.

 

The report provides a high-level overview of the changes in the GDPR, the actions planned to implement and progress against those plans.

 

The Committee is RECOMMENDED to

 

a)                  note the contents of the report; and

 

b)                 advise of areas of concern.

 

Decision:

Recommendations agreed.

 

Minutes:

Mr Graham introduced the report and expressed confidence that the team will meet the implementation deadline in May.

 

Officers responded to Members’ questions as follows:

·         We are confident that we have the resources to meet demand following the implementation deadline but nobody knows how many applications to be ‘forgotten’ are likely to be received.

·         Officers are attending training and getting feedback from other Local Authorities on the implications of the regulations.

·         There will be more than one date provided for training Members.

·         Members are responsible for their own data when doing constituency business but have no personal liability if the Council was to be fined.

·         Systems are in place to ensure that partner organisations and contractors are compliant where sensitive data is involved.

·         The Monitoring Officer will be the Data Protection Officer initially.

 

RESOLVED: to

 

a)            note the contents of the report; and

 

b)           advise of areas of concern.