
Your GDPR roadmap? Here’s a highway code


By Sue Lal, Client Director at Protocol Policy Systems, a Socitm partner company

Have you read Socitm’s latest Insight briefing on the new European General Data Protection Regulation (GDPR)?

It’s particularly notable because last year ten per cent (216) of all reported data security incidents came from local government, second only to the health sector with 876 reported incidents.[1]

This new regulation will apply in the UK from 25 May 2018. The briefing really brings home the significant volume of work needed in advance to demonstrate an organisation’s state of compliance before that date. Lack of compliance could lead to information security risks and data breaches, resulting in heavy fines from the ICO as well as the real risk of reputational damage.

Developing a new or adjusted culture around the EU legislation within local authorities will require substantial commitment and effort throughout the organisation, from the senior executive team down to the frontline staff.

As a priority activity in preparation for GDPR, local authorities should start by conducting a review of the current information governance framework and its suitability to address the new requirements outlined in the legislation.

At a more operational level, giving staff a GDPR ‘highway code’ to work with, in the form of an easy-to-understand, well-written policy, could make the difference between a smooth transition to compliance and costly errors.

Protocol Policy Systems – a joint venture with Socitm – has a customisable IT policy management system that comes with a set of policies cross-referenced and mapped to industry standards such as ISO27002, PCI-DSS and PSN. With this IT policy management solution, organisations could significantly shorten the time involved in preparing for GDPR, as the system demonstrates an organisation’s position of good information governance and gives staff access to relevant IT security policies, procedures and links to regulatory and legislative resources.


  1. Data security incident by sector and type, Q3 2016-2017 (CSV download); via ICO. 2017. Data security incident trends. [Online]. [28 March 2017]. Available from: http://bit.ly/1Y6acnJ