There are still question marks over whether local government will be ready for the General Data Protection Regulation (GDPR) when it comes into force on 25th May 2018.
The most recent report from the Information Commissioner’s Office (ICO) Good Practice Department found that, while data governance has improved in many authorities, a lot of councils still have work to do to meet the new data protection standard.
The report surveyed 173 councils and found that a quarter didn’t have a data protection officer which is mandatory for public authorities under GDPR. Additionally, 34% of councils were not carrying out privacy impact assessments – another legal requirement come May.
For those who haven’t yet put GDPR on their short term ‘to do’ list, it would probably help to start looking at GDPR as an opportunity rather than a burden.
In a world where much is made of the desire to use data more intelligently to link up and offer better, more integrated services, GDPR compliance could be seen as the spring-board to achieving better engagement with the public, rather than a chore.
First and foremost, it offers local government the opportunity to get its house in order and gain a better understanding of the data held and what it should (or shouldn’t) be used for. Requirements like the right to be forgotten and data portability, for instance, will mean authorities will need to pinpoint exactly how data travels through an organisation and have processes in place to transfer or remove it on request.
This required visibility and control of individual-level data also provides an opportunity to harness it in other ways that should actually make life easier. For instance, a freedom of information request is something that any local government can be required to fulfill at any time. Currently, providing the information can be complex and time consuming. Better data governance can simplify and, in some circumstances, even automate these processes.
This more sophisticated approach to handling data could also potentially be used more proactively to offer better, or completely new services. For example, authorities could explore centralising the information they already hold on individuals into easily manageable databases which could alert councils to cross-use of services.
Aggregated up, this could make it easier to understand challenges and opportunities in specific geographic areas – provided, of course, the individual has given consent for this data to be collated.
Better data governance can also ensure more joined-up, omni-channel communication so that information can be given out across the channels people are most comfortable with – be that printed mail, SMS or even social media. This is a key focus for marketers in the private sector, who constantly strive for ways to connect with consumers on their level. GDPR compliance is the route to local government being able to apply the same principles.
Ultimately, GDPR will bring about significant and necessary change, whether, in the immediate term, that feels like a good thing or not. For local government, the framework set out by the new regulation for how to responsibly handle information is also a template for using data to better understand and communicate with the public.
Sue MacLure is head of data at PSONA – part of Communisis Group