Local authorities in London have spent over £1.2m in preparation for new data protection laws, new research finds.
A new policy paper from the Parliament Street think tank has revealed how much individual local authorities have spent on software, training and consultancy to prepare for the incoming General Data Protect Regulation (GDPR).
GDPR, which will come into force in May, is aimed at strengthening and unifying data protection laws across the European Union (EU).
The think tank found Tower Hamlets council had the highest budget allocated for the new regulations, with £300,000 set aside for GDPR compliance.
The council added that the cost of a dedicated project worker for 12 months on a salary of £49,514 per annum has been committed.
The lowest level of spending came from Hounslow. They spent £1,000 on staff training and materials, with an additional £4,000 allocated to the project for the rest of the year.
Redbridge council had a large budget allocated for GDPR compliance. It has an estimated total budget of £110,689, with an extra £15,000 allocated for management software.
Commenting on the findings, Nick Felton, director of MHR Analytics, said: ‘Under this legislation London borough councils must understand what personal data they process, why they process it, how and who processes it and importantly the legal basis used to qualify the processing.
‘They must provide adequate GDPR training to staff, carry out a maturity audit and implement recommendations.
‘They also need to assess if they have clear, concise and adequate use of privacy notices, a breach management strategy which meets the new compulsory reporting conditions, ability to fulfil data subject rights; including access and management of the withdrawal of consent and data processing maps to demonstrate and manage privacy risk.
‘This will be a huge undertaking and significant investment will be needed internally and through the use of third parties, in order to comply with the May deadline.’
