Issue - meetings
Update on the General Data Protection Regulation
Meeting: 20/11/2017 - Audit, Governance and Standards Committee (Item 55)
55 Update on the General Data Protection Regulation 
PDF 114 KB
Additional documents:
- Appendix A, item 55
PDF 38 KB
View as HTML (55/2) 60 KB
- Appendix B, item 55
PDF 61 KB
View as HTML (55/3) 25 KB
- Appendix C, item 55
PDF 46 KB
View as HTML (55/4) 10 KB
- Appendix D, item 55
PDF 30 KB
View as HTML (55/5) 26 KB
Minutes:
The Committee considered the report of the Head of Policy, Communications and Governance providing an update on the General Data Protection Regulation (GDPR) that would replace the Data Protection Act (DPA) 1998, with effect from 25 May 2018. The report included an overview of the GDPR and additional or changed responsibilities from the current DPA compliance responsibilities, and outlined the action that was required to prepare for these changes.
The Head of Policy, Communications and Governance advised the Committee that there were several new elements and enhanced rights for individuals that required additional action by the Council. Fines for failure to comply had increased significantly as had the Council’s responsibilities. Meetings were being held with high risk service areas which processed large volumes of data and audits were being carried out with these services. Other key actions included putting together retention schedules for the Authority and reviewing and updating all of the Council’s Data Protection policies and guidance. Briefing sessions would be held for Councillors prior to each Service Committee meeting in January.
In response to questions by Members, the Head of Policy, Communications and Governance and the Policy and Information Manager explained that:
· In terms of data held about children, there were some areas of the Council such as the Museum which worked with children, and there were some service areas where residents might be required to submit evidence which included information about children. It would be necessary to look at each area individually to determine how to progress this as it might be that the information was not essential or might need to be redacted.
· For the most part, the action plan for preparing for the changes was on track, but there were some areas where guidance from the Information Commissioner’s Office was awaited.
· The Officers would be happy to deliver a briefing session for Parish Clerks on the new Regulations in January.
· The Information Commissioner’s Office would decide the level of fines, but the money would go to the Treasury.
· A Data Protection Bill was brought out by the Government in September 2017 as some aspects of the GDPR, for example, exemptions, did require legislation.
RESOLVED: That the update on the General Data Protection Regulation be noted.