The Isle of Wight Council is taking steps to upgrade its general data protection regulation (GDPR) arrangements, following an internal review.
Work is already underway to strengthen existing systems and processes, after issues were highlighted in a report to the council’s Audit Committee.
The internal audit report said there needed to be improvements in how data protection responsibilities are devolved to service areas within the council, as well as with IT systems, updating contracts and the formal reporting of GDPR issues.
A council spokesperson said:
“It is important we have these internal reviews to ensure we are meeting our obligations and to identify where improvements can be made, particularly in this important area of data protection.
“We are confident all the necessary systems and processes for the management and reporting of data protection are in place, and this is about improving upon what we already have.
“We welcome the internal review and the action plans suggested to strengthen arrangements – and work is underway on this.”
The general data protection legislation is designed to ensure all people and organisations, including councils, properly manage the personal data they process. It was introduced in May 2018.
The council’s data protection role is co-ordinated by its Corporate Information Unit, and training for all council staff in GDPR duties was undertaken to coincide with new legislation.