Parish councils cry foul at cost of GDPR compliance

st_michaels_churchThe National Association of Local Councils is going cap in hand to the Government to ask for extra funding to help parish councils comply with GDPR, following claims that they will have to cough up millions of pounds a year to be compliant.
NALC chairman Sue Baxter, who is also chairman of Wythall Parish Council, has written to Secretary of State Matt Hancock setting out her concerns. However, her main gripe is that all 10,000 local councils – as well as hundreds of parish authorities – will have to appoint a data protection officer, irrespective of their size or data use, creating a new cost burden totalling at least £3.5m a year.
According to the ICO GDPR guidance, all public authorities must appoint a DPO, although a single officer can act for a group of public authorities, taking into account their structure and size.
Nevertheless, the NALC has sent MPs a briefing paper to outline its concerns and has asked councils and county associations to support the campaign by making representations to MPs.
Baxter said: “While we broadly welcome the principles of the Data Protection Bill, it is vital these new measures are proportionate and the impact of GDPR on our sector is fully understood by the Government.
“On a number of occasions recently the Government has acknowledged the very important services delivered by parish councils and their role in improving quality of life and well being of communities. It is therefore vital the Government mitigates the financial impact of the Bill and GDPR on our councils, and ultimately residents in our communities, by providing new burdens funding. I have stressed to the Government my keenness to work with them on this important issue.”

Related stories
Charities call for Govt action to avoid GDPR meltdown
7,000 data protection officers needed for UK firms

Print Friendly

1 Comment on "Parish councils cry foul at cost of GDPR compliance"

  1. I am the DPO of a small society run as a charity, and have y alreadcreated the privacy policy and consent notices etc, which I was happy to do because it is exempt from paying a DPO fee. Sadly this is not the case for any parish council.

    I am chair of a tiny PC, which as yet has done very little – our first dedicated meeting is today. It seems incredible to me that I cannot appoint my professional paid clerk to act as DPO, nor can I act as DPO myself, so we must appoint an external body at a currently unknown cost.

    We have virtually no personal data, and in fact may have none that is not already publicly available (to be absolutely confirmed as my new clerk hasn’t yet supplied the necessary detail), so the whole thing is a bit of a fiasco for us.

    Apart from the unnecessary and unwelcome cost element, there is also the additional time and personal responsibilities placed upon unpaid councillors (who also do not claim any allowances) which I fear may make the job of acquiring new councillors in the future significantly harder – all very unsatisfactory.

    There has been absolutely no assistance whatsoever from my district councillors, or even the district council itself – who I suspect may be well behind the curve on meeting the GDPR – so at the moment everything is most unsatisfactory for me / us.

    What I (and I believe all other small PCs) need is as follows:
    – Additional funding this year to pay someone to conduct a DPIA
    – Continuing funding to pay for an external DPO
    – Specific relevant and helpful guidance for parish councillors
    Along with a recognition that perhaps things have gone just a bit too far.

    For example, why should it be necessary to obtain Specific Consent from a parishioner when they approach us to say lodge a complaint – self evidently we need their personal info in order to be able to maintain a proper record and then get back to them after any investigation etc. Pretty crazy if you ask me.


Comments are closed.