Agenda item

Data Protection Officer Assurance Report

Minutes:

 

The Council’s Data Protection Officer (DPO) submitted a report highlighting the key areas of work which provided the Committee with information and assurances regarding the Council’s compliance with the Data Protection Act 2018 and UK General Data Protection Regulations (GDPR).   

 

The report, in outlining the DPO’s activities and assurances, gave details of the areas in which there would be independent reviews of various aspects of Information Governance. 

 

The key points were noted as follows:

 

· Compliance with the statutory timescales for responding to Freedom of Information requests (FOIs), subject access requests (SARs) and Environmental Impact Assessment requests (EIAs) remained very high at 99% for FOIs, 86% for SARs and 100% for EIAs.

· During 2023, there had been a number of simulated phishing campaigns, which aimed to reinforce staff awareness of how to spot any irregular emails and report them to IT.

· The Information Governance and Security Team, along with the Emergency Resilience Team, ran a number of simulated cyber-attack exercises with leaders across the Council to raise awareness and highlight any areas where improvements were needed.

· A section within the Annual Governance Statement was also included to provide the assurances from the DPO.

 

RESOLVED that the Committee considered the report and the information and assurances within it and agreed to receive a further update report in 6 months’ time in contribution to wider assurances as part of the Annual Governance Review process.

 
