Issue - meetings

Data Protection update

Meeting: 15/11/2021 - Audit, Governance and Standards Committee (Item 52)

52 Data Protection Update pdf icon PDF 156 KB

Additional documents:


The Corporate Insight, Communities and Governance Manager introduced her report providing an update on the progress of compliance with the Data Protection Act 2018 (the General Data Protection Regulation (GDPR)).  The report included:


·  Information on a consultation document published by the Department for Digital, Culture, Media and Sport on proposed changes to data protection legislation together with a summary of the key areas that might impact the Council;


·  Information on the Code of Practice for Data Sharing published by the Information Commissioner’s Office;


·  Examples of the Information Commissioner’s Office applying its powers; and


·  Details of progress against the Data Protection Action Plan together with an explanation for a change in the structure of the Corporate Insight, Communities and Governance Team which was responsible for data protection.


The Corporate Insight, Communities and Governance Manager asked the Committee to consider the inclusion in future reports of performance data relating to wider information management such as the processing of requests under Freedom of Information Act/Environmental Impact Regulations; the processing of Subject Access Requests; Management of Data Breaches; Information Sharing Arrangements; and Data Protection Impact Assessments.  She explained that this would give a more complete view of the work being undertaken in this area as well as the success of actions implemented to ensure compliance.


Members welcomed the inclusion of this performance data in future reports to the Committee.


In response to questions, the Corporate Insight, Communities and Governance Manager explained that the proposed introduction of a charge for Subject Access Requests might exclude those who are financially insecure; the performance data which it was proposed to include in future reports was information that was provided already to the Information Management Board; and data protection was just one part of the work of the Corporate Insight, Communities and Governance Team, which also included complaints handling, processing of requests under Freedom of Information Act/Environmental Impact Regulations and information management more generally.




1.  That the national context and the progress of compliance with the Data Protection Act 2018 (the General Data Protection Regulation (GDPR)) be noted.


2.  That the actions taken to date and the next steps be noted.


3.  That the Committee should continue to receive an annual update on the progress of embedding GDPR into the Council’s processes until all actions become business as usual and that performance data relating to wider information management such as the processing of requests under Freedom of Information Act/Environmental Impact Regulations; the processing of Subject Access Requests; Management of Data Breaches; Information Sharing Arrangements; and Data Protection Impact Assessments should also be included in these reports going forward.