Scottish local authorities set for GDPR, says digital office 

Local authorities across Scotland are benefiting from preparations for the EU’s General Data Protection Regulations (GDPR), said the Digital Office for Scottish Local Government.

New measures enforceable from 25 May, will mean local authorities face stricter guidelines on how they collect, store, record and share personal data. The ‘Scottish Digital Office GDPR Readiness Project‘ has allowed local authorities to work together to produce resources which have been shared amongst 30 councils.

Leading the project, Glasgow City Council and Fife Council have produced a GDPR toolkit containing:

• A project plan and project risk register
• Detailed analysis of the new rules
• Flowcharts for establishing the legal basis for processing
• Data protection impact assessment templates
• Data gathering templates
• Technology compliance assessment materials, and
• Guidance and education materials for staff

Using these shared resources, councils have been able to move more quickly from planning to implementation, “something which will achieve the expected outcomes set out at the beginning of the GDPR project whilst helping accelerate its execution,” said the Digital Office.

Paul Elliott, project manager and corporate governance adviser at Glasgow City Council, said: “Local authorities that have been using our shared materials will have saved a considerable amount of time and resource whilst preparing for GDPR and should be more confident in ensuring compliance with the new data protection legislation.”

Having one consistent legal interpretation of the new legislation has also ensured the requirement for resources across the partnership has been reduced, as well as creating a common understanding of the legislation’s impact. As an unintended benefit, the office said a model for future data legislation changes has now been tried and tested.

Meic Pierce Owen, records manager at Fife Council, said: “All of the resources are shared on the Knowledge Hub, a collaboration platform for partners to exchange knowledge, experiences and ideas. This has proved a valuable tool for on-going collaborative development of GDPR within the Partnership, which should help reduce development costs across Scottish local authorities.”

The new regulations require local authorities to carry out a full information audit and for many, a culture change, to ensure they do not face the major fines that can be imposed on councils and other bodies for data protection breaches.

Martyn Wallace, the organisation’s chief digital officer, said: “Our GDPR readiness project has delivered substantial benefits to our partners as well as avoiding unnecessary costs, which is crucial at a time where our partners need it most.

“Credit must go to all our project team, particularly Glasgow City Council and Fife Council who have worked solidly on behalf of the partnership to deliver this project over the last year.”