momius - stock.adobe.com
The National Association of Local Councils (NALC) has called on the government to provide cash to help councils comply with the EU General Data Protection Regulation (GDPR).
NALC chair Sue Baxter has written a letter to digital minister Matt Hancock, highlighting her concerns that complying with GDPR is creating a financial burden for local councils.
In London alone, councils have individually spent up to £300,000 on software, training and consultancy to prepare GDPR, according to a report by think tank Parliament Street.
The GDPR requires all local councils to appoint a data protection officer, which the NALC said is of particular concern, as the association estimates it will create costs “totalling at least £3.5m per year”.
The letter was sent ahead of yesterday’s reading of the Data Protection Bill in the House of Commons, where the bill had unanimous support. Baxter said that while the NALC “broadly welcomes the principles of the Data Protection Bill, it is vital these new measures are proportionate and the impact of GDPR on our sector is fully understood by the government”.
“On a number of recent occasions, the government has acknowledged the very important services delivered by parish councils and their role in improving quality of life and well being of communities,” she said.
“It is therefore vital the government mitigates the financial impact of the Bill and GDPR on our councils, and ultimately residents in our communities, by providing new burdens funding. I have stressed to the government my keenness to work with them on this important issue.”
The Data Protection Bill is designed to bring the UK’s data protection laws in line with the EU’s GDPR and replaces the UK’s existing data protection laws, bringing them up to date for the digital age.
Despite Brexit, the UK will still be classed as a Member State when the GDPR compliance deadline is reached on 25 May 2018.
In August 2017, Computer Weekly reported that almost seven out of 10 UK local councils were unable to erase personally identifiable information from their system – a key requirement under the GDPR, according to data collected in response to freedom of information (FOI) requests.