London councils have spent more than £1 million as they prepare for the GDPR, a new report by the Parliament Street think tank says.
Some have spent more, and some less, the report says, with London councils spending up to £300,000 on software, training and consultancy.
Tower Hamlets council has spent the most, around £300,000, for GDPR compliance. It also has set aside almost £50,000 for a yearly salary for a dedicated project worker. On the other hand, Hounslow council had spent the least, £1,000 on staff training and materials. It also has £4,000 allocated for the rest of the year.
Redbridge also has a fairly big budget for GDPR compliance - £110,689, with an additional £15,000 for management software.
“Data protection legislation is not new, however the way in which public authorities collect, use and share information has changed significantly over the last 20 years. GDPR is designed to add strengthen and unify existing law,” said Nick Felton, Director of MHR Analytics.
“Under this legislation London Borough Councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing. They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations. They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk."
"This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline.
Image source: Shutterstock/Wright Studio