Agenda item

The Council’s Data Protection Officer (DPO) submitted a report highlighting the key areas of his work which provided the Committee with information and assurances regarding the Council’s compliance with the Data Protection Act 2018 and UK General Data Protection Regulations.  

The report, in outlining the DPO’s activities and assurances, gave details of the areas in which he was to undertake or commission independent reviews of various aspects of Information Governance.

The key points were as follows:

·       Overall, recent activity and general oversight continued to provide a generally positive picture regarding compliance with UK GDPR. To support that, the Information Governance Board provided a clear focus on compliance and awareness.

·       A continued area of assurance was the compliance with the statutory timescales for responding to FOI and SAR requests which remained very high at over 98%. This reflected the work undertaken to support staff and the significant improvements in the system that managed requests and responses.

·       Cyber threats continued to be a significant risk, which was echoed by the Senior Management Team.

·       The importance of awareness and reminders in regard to cyber security threats was imperative, however there was a risk that staff may experience ‘reminder fatigue’ and therefore there was a need to look at different ways to engage staff and raise their awareness.

In response to specific questioning, the following points were noted:

·       Staff training remained a priority and dashboards were used to track progress.

·       There were challenges regarding training of non-networked staff. It was suggested that tiered training could be implemented to ensure training was fit for purpose. It was noted that some Local Authorities disconnected users from the network as a sanction for not completing mandatory training.

RESOLVED that the Committee considered the report and the information and assurances within it and receive a further update in 6 months’ time to contribute to wider and continuous assurances as part of the Annual Governance Review process.