Parish council GDPR revolt lays bare huge ICO challenge

churchThe task facing the Information Commissioner’s Office in educating people on how GDPR works has been further exposed after the Government has been forced to reassure parish councils that they will not have to hire individual data protection officers, even though advice is readily available.
The issue was first raised by the National Association of Local Councils, which claimed that the new regulation could cripple some small public sector bodies and local authorities, leaving them with an annual bill of £3.5m.
However, the NALC could have saved itself a lot of bother if it had simply done a quick Google search, which would have directed it to the ICO’s website. The current guidance states: “You may appoint a single data protection officer to act for a group of companies or for a group of public authorities, taking into account their structure and size.”
Culture Secretary Matt Hancock confirmed that the responsibilities of data protection officers can be implemented in different ways. He said: “For instance, several parish councils can choose to share a single data protection officer, provided that he or she is easily accessible from each establishment. The system does not require the hiring of one person per organisation.”
He added: “Organisations have already been set up to provide this service, and the service itself is important. In the case of a small organisation, such as a very small business or a parish council on a low budget, it is still important for data to be handled and protected carefully, because small organisations too can hold very sensitive personal information.
”With greater control, greater transparency and greater security for our data, the Bill will help to give us a statute book that is fit for the digital age as we leave the EU,” Hancock concluded.
The UK Data Protection Bill was passed to the committee stage, which is due to be completed by March 27.

Related stories
Parish councils cry foul at cost of GDPR compliance
Charities call for Govt action to avoid GDPR meltdown
7,000 data protection officers needed for UK firms

Print Friendly