Complying with new data protection rules has presented an uphill struggle for Flintshire Council

Complying with new data protection rules has presented an uphill struggle for a local authority, it has been revealed. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

General Data Protection Regulation (GDPR) became law in May 2018 and aims to provide greater protection and rights for people living in the EU. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

Overseeing its introduction was classed as a high priority by Flintshire Council and a dedicated officer was brought in to help. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

However, an audit carried out earlier this year showed there was limited assurance that it would successfully meet the requirements by the deadline. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

A review identified there were areas where frontline services needed to carry out more work, as well as highlighting concerns about IT systems provided by third parties. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

The council currently operates 1,429 systems of which 51 potentially need further work. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

There are also 10 systems bought from external providers which it has found cannot be made compliant. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

Despite the issues raised, the authority’s chief officer for governance, Gareth Owens, said good progress had been made since the audit was carried out. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

In a report he said: “An audit in the run-up to May 25 found that while the council had made some progress it was not fully compliant with the requirements of the legislation. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

“Since that time, every chief officer has established an action plan to ensure compliance within their portfolio. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

“Each of those work streams is now either complete or satisfactory progress has been made. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

“The chief executive and chief officer team have received monthly reports on the level of compliance. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

“These actions have resulted in the significant improvements seen since March. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

“The potential cost of fines for non-compliance clearly outweigh the cost of achieving compliance.” ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

The council has identified which of its employees need GDPR training, based on their responsibilities and the sensitivity of the data they handle. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

Statistics show that 52 per cent of staff have completed it, with the lowest rate being seven per cent for Streetscene and transport staff. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

It compares to more than 80 per cent for the governance department. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

Mr Owens said the task of training staff was ‘ongoing’ as it lapses after a certain time. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

The report will go to members of the authority’s audit committee on Wednesday. ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

By Liam Randall – Local Democracy Reporter (more here). ‌​‌‌‌​‌‌‍‌​‌‌‌​‌​‍‌​‌‌‌​‌​

Latest News