UK local councils failing on key GDPR requirement

Most UK local authorities are unable to meet the EU General Data Protection Regulation’s right-to-be-forgotten requirement, and nearly a quarter of firms have yet to hire a data protection officer

Almost seven out of 10 UK local councils are unable to erase personally identifiable information from their systems, according to data collected in response to freedom of information (FOI) requests.

his indicates that local authorities are struggling to meet the financial, personnel and process requirements of the EU’s General Data Protection Regulation (GDPR).

The inability of 69% of local councils to meet a key requirement of the GDPR was revealed by FOI requests sent to 32 London boroughs and 44 other local authorities by data management firm M-Files.

From 25 May 2018, any organisation holding EU citizens’ personal data will be required to erase that data at the request of the data subject.

Locating customer data is likely to be the biggest challenge to fulfilling personal data erasure requests under the GDPR, according to a study published by the Blancco Technology Group in May this year.

Julian Cook, vice-president of UK business at M-Files, said the responses to the FOI questions about preparedness for GDPR suggest that the public sector needs to become more proactive in tackling personal privacy issues, which sit within the wider arc of compliance with the GDPR.

Continue reading…