GDPR: Ready or not here it comes
With one year to go until the GDPR legislation, how is the public sector set to cope with increased accountability, workload and potential substantial fines for data non-compliance?
8th February 2017
With just one year to go, Steve Thorn discusses if the public sector in the UK is ready for GDPR.
Every day, all over the world, billions of people use mobile devices to take photos, shop online, use apps and send messages, whether at work or at home. In fact, according to IDC, the total amount of data in the world is set to reach 180 zettabytes by 2025. This explosion of new technology has not only completely changed how we communicate with each other but also how we communicate with both private and public services. With businesses such as Amazon and Netflix offering highly personalised services due to effective use of data, citizens are starting to demand the same levels of service from all companies they interact with.
However, with increased personalisation comes a data trade-off. How organisations use data has increasingly come into question, leading to the implementation of the EU General Data Protection Regulation (GDPR), which aims not only to safeguard citizen data but also to put control back into the hands of the consumer.
With one year to go (25 May 2018) until the GDPR legislation becomes law, how is the public sector set to cope with increased accountability, workload and potential substantial fines for data non-compliance? Or how might the new legislation improve consumer trust in public bodies? We produced a report, surveying public sector leaders to find out.
The impact of the EU GDPR
The sheer importance of the GDPR cannot be ignored. One of the biggest issues within the public sector is the lack of trust around data on the part of citizens, and the regulation will go some way to building this trust. If citizens understand why their data is being collected and how it is being used for their benefit, then appropriate data sharing will increase. But is the public sector prepared?
While there is still a way to go until organisations are compliant with the impending legislation, our research found that public sector organisations do feel prepared. In fact, 76% of public sector executives claimed that their organisation was either working on or ‘ready to roll’ with GDPR.
However, the research also found that senior public officials are starting to show concern over the fact that the GDPR and the Digital Economy Bill (DEB), which came into force in early April, may begin to pull data sharing in different directions. Whilst a combination of both GDPR and the DEB could solve many data sharing issues, three quarters of public sector leaders felt that the requirements of each set of regulations were in conflict with each other and almost one third (31%) felt that there were ‘serious areas of conflict’. One made the significant point that the two sets of regulations use different terminology and that this is likely to increase the confusion.
Overwhelmingly, the majority of respondents anticipated that both laws will improve service delivery. In fact, around 85% of those surveyed felt the DEB would help identify citizens’ service needs better, while 100% claimed that the GDPR would give citizens control over their data.
Now’s the time to start preparing
While confusion over how the two new regulations will work together may remain, public sector organisations cannot bury their heads in the sand. They must begin educating all employees handling personal data, from front-line employees to HR and marketing, on the new laws that are set to come into place.
A common misconception is that the EU GDPR is purely an IT issue, but it’s a whole business issue and will impact almost everybody within the organisation. Public sector organisations cannot afford to wait until the last minute to react. They may need to seek partnerships with digital experts to ensure they have a full spectrum view of their data universe and to fill in the gaps that could lead to non-compliance.
With only a year to go, companies should already be well underway with their GDPR strategy. However, for many, serious preparation is still needed, from identifying risks to ensuring a single view of data across an organisation.
Many companies will also need to undertake a cultural shift to build best practice standards and policies internally, which employees can actually apply on a day-to-day basis. This is crucial as recent research from the Information Commissioner’s Office (ICO) found that 18% of councils do not have mandatory data protection training for employees who process personal data, which is concerning as it’s a vital part of limiting data breaches. What’s more, the GDPR requires all companies handling EU data to appoint a Data Protection Officer (DPO) to help drive the business needs forward whilst ensuring compliance at all times. However, worryingly, our recent research with MyLife Digital found that 74% of local government organisations didn’t have a DPO contact listed.
Public sector organisations need to embrace the new regulation to improve services and use data to understand citizen needs. Building long-term trust is also crucial. At the moment, this is a goal for many, with few doing so effectively. Ultimately, public sector bodies must not just worry about being compliant and avoiding fines, but also about delivering improved citizen services and outcomes.
Finding the right balance
The public sector must find the right balance between respecting the sensitivity of citizen data, while using it appropriately with partners and other public sector organisations to ensure the best possible service delivery. Gaining the trust of citizens on this continued digital journey will be crucial to shaping and building better interactions and delivering more positive outcomes. This won’t be easy, but it’s a challenge we must all be prepared for as the need for transparency around data increases.
To read more of our latest thinking on GDPR and how we can help your compliance journey, visit www.civica.com/gdpr
Chris Doutney, Managing Director at Civica Digital