Data protection is changing yet again
AUTHOR: DANIEL PURCHESE, DIRECTOR AT BREAKTHROUGH COMMUNICATIONS
Data protection is changing yet AGAIN. Here's how parish and town councils can get on top of what's coming, take some of the stress out of compliance and get back to focusing on what matters in their communities.
With the country rightly focusing on the huge challenges presented by lockdown and COVID-19, councils would be forgiven for not noticing a major judgement that has just been handed down by the European Court of Justice, which has big potential ramifications for organisations large and small across Europe (and yes, it is something that will still most likely affect us post-Brexit as well).
Let's take a step back for a moment. If a member of the public asked you, "Where is your council's data processed?", would you be able to give an adequate answer?
Of course, every parish and town council, regardless of size, manages, stores and processes more data than it often realises. This can include for example email accounts for both Officers and Members, contact data for individuals, records of correspondence with residents, community groups and other organisations, historic and current cemetery data, financial records, social media data - and so much more.
For most parish and town councils, when asked where they store their data, the answer is probably a mixture of "in the cloud" and "on our local computers or network". It's fair to say that some councils may not even be 100% sure just where their data is stored, and especially are not always certain what countries their "cloud" data is processed in.
And that's where a big challenge now could lie ahead for councils - and other organisations - right across the country.
The so-called 'Schrems 2' judgement handed down back in July by the European Court of Justice strikes down 'Privacy Shield', which affects the way organisations send data to the USA. As you will probably know, lots of commercial software that councils use everyday process and store their data in the USA, and councils now need to ask themselves a series of questions and clearly document the answers before they continue using these platforms.
But it's not just this latest judgement that councils need to be thinking about.
Since the introduction of GDPR two years ago, we know that parish and town councils have taken positive action to implement new data protection and compliance policies (and improve existing policies), as well as review their systems and consider how they process and store data. However, data protection case law and policy has evolved quite a lot since then, including the recent 'Privacy Shield' judgement.
Yet for many parish and town councils, the challenge of data protection doesn't stop there.
Whether you have appointed a Data Protection Officer for your council or not (and you do not legally have to), the Information Commissioner and increasingly a number of 'privacy campaigners' are holding organisations to account to ensure they are compliant. With Brexit just around the corner and potential for further changes to policy down the line, it's never been more important to ensure your council's data, systems, processes and indeed councillors are compliant with all aspects of data protection.
And it's not just about compliance. Data protection should be a positive tool (and not a hindrance!) to help councils be set up for success when it comes to communicating and engaging with their residents and the wider community.
All of these issues combined present a challenge for Clerks and council officers, especially if you have limited capacity and resources to get it right, let alone try to keep on top of ever-evolving changes to data protection and compliance policy. And even if you've appointed an external Data Protection Officer, that's rarely enough by itself (and if things go wrong, the buck still stops with the council, in any case).
That is why Breakthrough Communications is hosting an important webinar for Clerks and Council Officers to give you a breakdown on the 'Privacy Shield' judgement, explain clearly in simple terms what it means for you and the questions your council needs to ask itself. We'll also give you a succinct refresher on what councils need to do in order to be compliant with data protection laws and regulations and - crucially - how to make that compliance sustainable when Officer time and money is tight.
But more than that, this practical session will outline a way to give some much-needed 'peace of mind' to your council and give you ways to make it easier for your council to tackle future changes to data protection, enabling you to instead focus your time, effort and resources on what really matters to your council and the community it serves.
There are two sessions - and it's free to attend. The first is on 1 October at 2 pm, and the second is on 13 October at 10 am.