Alexa metrics

Is Your Public Sector Organisation Prepared For GDPR?

19 December 2017 by Al McCloud

There are less than six months until the GDPR becomes reality. The regulation will completely change the way everyone handles data, and hopefully, lead to fewer breaches.

A safer internet is fantastic news for everyone, but achieving it will be no easy feat – particularly in the public sector. The GDPR has introduced a lot of new hoops and now there are only six months to jump through them.

At a recent round-table organised in collaboration with tech magazine BusinessCloud, business and data experts met up at UKFast Campus to discuss the impact of the General Data Protection Regulation.

Public sector

Culturally prepared

Panelist Chris Hunter, Creative Director at HM Network focused on the GDPR’s strict requirements for sensitive data, the likes of which are often handled by national services. He said: “If you store standard information, like email addresses and telephone numbers and 100 or more records are breached then you need to raise a notification. If you store sensitive information, like the health sector does, if one record is breached then it needs to be reported.”

Liz Ashall-Payne, founder and CEO of ORCHA has first-hand experience working in the health sector. Before moving into business, Liz began her career as a clinician and believes that there is ingrained respect for data in the public sector which is taught to all its members and that this cultural respect for data will make adopting the GDPR easier.

She said: “You’re taught in your training to be very careful with data. There are droves of policies and huge amounts of mandatory training and annual updates around information governance. It’s made clear what the consequence are of not adhering to those processes. As a clinician, you are extremely and acutely aware of data protection. As a service manager you get checks around how you are governing data and at board level, it’s high on the agenda”.

Whilst the public sector might be culturally prepared for more data protection regulation, the increased control that citizens – or ‘data subjects’ –  have over their data could be at odds with current processes.

Some questions remain 

Martin Knapp, CEO of UKFast Public Sector, works closely with public sector organisations. Martin highlighted some of the more difficult questions that have been raised by the introduction of the regulation.

Martin said: “Councils and local authorities are worried when data gets merged and turned into bigger data sets. We’re working with a company that’s creating an anti-fraud hub which takes data from insurance companies and local councils. We are all on a local council database somewhere, but we don’t want to be part of an anti-fraud investigation, so how do we know if our name’s in this anti-fraud database? How can we apply to have it removed? Should we be able to have it removed? Local councils are struggling with these types of questions as this big data is being pulled together.”

When asked for advice, Martin said: “Don’t let it become a legal-team-to-legal-team issue; have reasonable conversations with your supply chain, partners and owners. Have face-to-face conversations.”

A positive future

Co-Founder and CEO of Dream Agility Elizabeth Clark took a broader perspective on the issue. She said: “It’s the millennium bug all over again – anyone who’s in business and has a shred of integrity looks after people’s data and puts the proper processes in place to do that. The GDPR is a new thing, but we’ve had policies in place for years to protect people.” 

Chris Hunter concludes: “The 25th of May 2018 is just the starting block. You don’t just sign the GDPR off. It becomes part of your working life – it becomes the basis of what you do.”
You can stream the entire GDPR discussion here.