GDPR Misinformation Given to Councils
‘EXPERT’ SPEAKERS
If you are a local councillor, you will no doubt have gone to many networking sessions where an expert is talking about GDPR.
The problem with experts in the field of GDPR is that so much information is copied and interpreted from the legislation, and these interpretations are then further interpreted, leading to misinformation and hearsay.
KEY POINTS
ICO Registration: One common piece of misinformation is that individual councillors need to register annually with the ICO.
This information is unclear on the ICO’s website, so we called them. The response from the ICO is that, due to changes in the law in April 2019, individual councillors do not have to register with the ICO.
Organisations (including councils) have to join the register of fee payers. (We provide a Register of fee payers service to take the confusion out of this.)
Data Protection Officers (DPO): Another common thing I see is councils appointing the clerk as a Data Protection Officer.
A DPO is needed if you are:
- A Public Authority (under DPA2018, chapter 2, section 7, paragraph 3, a parish council is not considered a public authority)
- Monitoring the public on a large scale and/or
- Handling large amounts of special categories of data
There are 2 things to consider when appointing a Data Protection Officer.
- The Data Protection Officer role is a protected role and, as such, if you do require a DPO, or if you are unsure as to how you can accommodate the requirements of data protection and the DPO role, you may be better off outsourcing DPO functions.
- You may not need a Data Protection Officer, and would be better off appointing your clerk as a Data Protection Coordinator and dealing with Data Subject Requests in a similar manner to FOI requests.
Email Accounts: We see a lot of Councillors having and using personal email accounts.
Centralise your council’s email
There is a very good reason to have a secure, robust, corporate email system in place. To begin with, you need to keep council data and personal data separate.
This will ensure that you can comply easily with Freedom of Information (FOI) requests and Data Subject Requests without any confusion as to where data is stored, and that, if needed, an administrator can gain access to emails.
Another reason to have a secure, robust email system centralised for the council is that you can perform due diligence on the supplier and make sure that data held within the email system is held securely and not transferred to countries outside of the adequacy list, or the European Economic Area (EEA).
Issues of data control in personal email
For example, if a councillor steps down, doesn’t get re-elected or no longer meets the requirements to perform duties as a councillor, retrieval and removal of data can be nearly impossible.
The only way to be certain you can mitigate this risk is by having the systems, policies and procedures in place to ensure you as a council know where all data is stored.
If you would like more information, to arrange a free consultation, or more information on training for councils, contact us on +44 (0)20 3457 4683.