Issue - meetings
General Date Protection Regulations (GDPR) Policies
Meeting: 14/03/2019 - Governance Committee (Item 50)
50 General Data Protection Regulation (GDPR) Update 
PDF 82 KB
Report of the Director of Customer and Digital attached.
Additional documents:
- Appendix A - Data Protection Policy, item 50
PDF 245 KB
- Appendix B - Data Breach Policy, item 50
PDF 260 KB
Minutes:
The Committee considered a report of the Director of Customer and Digital that provided an update on the General Data Protection Regulation (GDPR) progress to date and sought comments on the draft Data Protection Policy and Data Breach Policy, both of which had been updated following the implementation of GDPR.
The GDPR officer explained that an initial log of actions to be taken under twelve distinct categories had been identified and great strides had been made by Officers to make the Council compliant in most areas over the past twelve months. The Plan is a live document and is updated at regular intervals.
The Committee queried why the current staff awareness level was only at 83% and asked how this could be made higher. The General Data Protection Officer updated members that since publication of the agenda the level of staff awareness has now risen to 94%. Special arrangements were also in place for members of staff who cannot access a computer. Further work was needed to make both staff and Members more aware and plans were in place to provide additional training.
Members raised concern about how awareness would be developed with other Members. Assurances were given that the General Data Protection Officer would be working closely with Democratic Services to ensure that GDPR is included in the new member induction which will commence in May. Members of the Committee commented that the training would need to be relevant and interesting and that possibly a case study should be around a Councillor Data breach.
Members commented on a number of areas within the policies that would be amended accordingly before publication.
RESOLVED: (Unanimously)
1.
That the report be noted.
2.
The wording altered in Appendix A Section 5 (page 56) to read,
““All staff should be aware that any deliberate breach
of Data Protection legislation will result in the Council’s
Disciplinary Procedures being instigated.”
3. The title of Deputy Chief Executive in the responsibilities section of both Appendix A and B be changed to read, “Deputy Chief Executive of Resources and Transformation”.