EU GDPR costs London councils over £1m

Councils in the capital are set to spend over £1.2million on the incoming General Data Protection Regulation (GDPR), enforced by the European Union to improve data privacy rights and storage of personal information

by News Reporter on 27 February 2018 08:28


Council chiefs in London boroughs have set aside over £1.2million to cover the costs of the new General Data Protect Regulation (GDPR), according to new research. The figures, contained in a new report published by the Parliament Street think tank, provide an insight into the financial commitments being made by local authorities ahead of the GDPR deadline of 25th May 2018.

Organisations which fail to comply could face significant fines, if found to be in breach of the strict data handling and management procedures. Researchers found that Tower Hamlets council had the highest budget allocated, with £300,000 set aside for GDPR compliance. The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.

The lowest level of spending came from Hounslow, which told us they had already spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.

Other Councils with significant spending allocations were Redbridge council, which estimated a total budget of £110,689 for GDPR, with an extra £15,000 allocated for management software. Experts at MHR Analytics said that the incoming legilsation would mean a raft of new measures for organisations.

Nick Felton, director of MHR Analytics said, “Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations.”

Felton continued, “They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.

"This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline. Data continues to be a key asset for all organisations both from a legislation and competitive perspective - data is only getting bigger,” he added.

Patrick Sullivan, CEO of Parliament Street said, "The GDPR poses significant challenges for businesses and public sector organisations, in terms of compliance procedures, accountancy and auditing processes. It is encouraging to see London Boroughs going for the right mix of software and staff training, but much more will need to be done to protect the privacy rights of citizens."

blog comments powered by Disqus