The Group Manager – Legal submitted a report, the purpose of which, was to inform Cabinet of the provisions under the General Data Protection Regulation (GDPR) which is due to be enforced on 25 May 2018, and the Data Protection Bill which was announced in the Queen’s speech in June 2017.

She advised Members, that GDPR would require all data controllers and processors that handle the personal information of EU to residents to implement appropriate and technical and organisational measures to ensure the ongoing confidentiality of that data. The GDPR introduces also, stricter requirements than now, i.e. under the current Data Protection Act 1998.

The Data Protection Bill updates data protection laws in the UK, supplementing the GDPR as well as extending data protection laws to areas which are not covered by the GDPR.

The Group Manager – Legal, advised that the bulk of the report expanded upon the new obligations of the GDPR when compared to the Data Protection Act provisions, including for schools, and training that was required for staff, though she highlighted paragraph 4.6.2 to Members, namely that it was incumbent upon the Council under the GDPR to appoint a Data Protection Officer (DPO) and the previous post of Information Officer in the Legal Department had recently been appointed to this new post.

In terms of the next steps, she added that in readiness for GDPR an Implementation Group had been established with appropriate representation from each Directorate.

Finally, the Group Manager – Legal referred Members to the report’s appendices, i.e. Appendix 1 – Code of Practice for Data Breaches and Appendix 2 – the Data Protection Policy.

The Cabinet Member – Wellbeing and Future Generations wished to place on record her thanks to Officers who had contributed a lot of hard work in readiness for the transition to GDPR some of which was fairly difficult and complex. She added that there would also be mandatory training for Members under GDPR.

The Leader concluded the debate by stating that he was pleased that schools were also receiving support for GDPR.

RESOLVED:                  That Cabinet:

                                     (1)     Noted the report and the enforcement of the GDPR and Data Protection Bill.

                                     (2)     Approved the updated Data Protection Policy attached at Appendix 2 to the report, to take effect from 25 May 2018.

                                     (3)       Noted the updated Code of Practice for data breaches attached as Appendix 1 to the report, to take effect from 25 May 2018.