New data protection law has serious implications for Moray Council

MORAY COUNCIL IS FACING a major new challenge brought about by major changes to data protection law that will see significant new responsibilities placed on all public bodies.

The extent of the new General Data Protection Regulation (GDPR) is being outlined to councillors attending the policy and resources committee on Wednesday.

Applying from May 25 next year, the GDPR will replace completely the existing Data Protection Act of 1998. The new Act has been described by the Information Commissioner as “the biggest change to data protection law in a generation”.

The report on Wednesday highlights what that means for Moray Council – and calls on councillors to note that compliance will possibly require them to consider allowing additional staff to be taken on if the council is to meet their responsibilities within what is a tight timeframe.

“GDPR requires that organisations do not just comply but are transparent and demonstrate compliance,” the report notes, adding: “For the Council, this will mean auditing all the personal data held, how it was collected, how it is processed, who processes it and the lawful basis for processing.

“Significantly for the Council GDPR categorically removes the legal basis of ‘processing carried out by public authorities in the performance of their tasks’. This could present a major challenge as this means that the Council will need to review all of its processes to make sure that consent is obtained for collecting and sharing personal information.

“The Council will also be required to keep records of all processing activity, including the categories of individuals and categories of personal data.”

The new law will significantly expand the rights of individuals over the data being held about them by local authorities – meaning that Moray Council will be required to have systems in place to make those rights actionable, including being able to immediately suspend processing of an individual’s data.

Penalties on local authorities for failure to comply with the new law have also been greatly increased – on the formula contained in the law, the report says that could pose a risk in excess of £8million for Moray Council.