The ‘vast majority’ of local authorities in the UK are not yet able to comply with the ‘right-to-be-forgotten’ stipulations of data protection regulations due to come into force next year.
A freedom of information (FoI) request to all 32 London boroughs and 44 other local authorities by M-Files revealed almost seven in 10 (69%) councils are not able to effectively erase personally identifiable information (PII) from their systems.
This is a a critical requirement of the General Data Protection Regulation (GDPR), a set of EU rules which will come into force next year and which are designed to ensure sensitive information about individuals or organisations is not shared without permission, or leaked.
‘The right-to-be-forgotten is arguably one of the most challenging aspects of GDPR, which places the onus on organisations to introduce smarter measures around data protection and controls, including how the Personally Identifiable Information (PII) of EU citizens is collected, stored and shared,’ said Julian Cook, vice president of UK Business at M-Files.
‘This is particularly true for the public sector, where this data is commonly trapped within information siloes and duplicated across different systems and repositories.
‘The net result is that public sector organisations often don’t have a full picture of the data on their systems, so completely erasing personal data becomes infinitely more challenging.
‘Radical changes to how public sector organisations manage their information will be required if they are to be compliant when the regulation comes into force.’
To assist boroughs in preparing for GDPR, Cook believes that a key focus should be on implementing technology solutions that streamline the management of personal data.
‘The essence of GDPR is to ensure that explicit policies and procedures for handling personal information are in place, but with less than a year before the go live date of 25th May 2018, the findings present a fairly concerning picture as to how prepared councils are,’ continued Mr Cook.
‘Because of this the door is open for technology to play a significant role in automating and simplifying many of these processes.’
M-Files also discovered last month that 82% of councils had yet to allocate budget towards making sure they comply with GDPR from May 2018.
