Proposed Amendments to GDPR Legislation

“GDPR continues to be a major focus for Councils and we know that many of you are reviewing your policies and processes following on from our training courses.  As a reminder, there is a lot of helpful information to assist you with drafting privacy notices and policies on the ICO website for small organisations.  For those who are also NALC members, they have produced a toolkit which can be accessed through the Hampshire ALC website. If you use the NALC toolkit, please be aware that some changes may be required particularly in relation to the Data Protection Officer (as outlined below).  As the ICO have said they are viewing GDPR as a journey, particularly for smaller organisations.

As those who have attended our training will be aware, a key issue for our sector was the need for town and parish councils to have a Data Protection Officer (DPO), which had a potential financial impact. We are pleased to confirm that there have been some proposed amendments tabled to the GDPR legislation.  There are a variety of amendments proposed, however, the most relevant one for our sector is the proposal the town and parish councils will not be considered Public Authorities for the purposes of the Act.  If this is passed it will mean that for most town and parish councils there will be no need to appoint a formal DPO, although it is likely to still be recommended as best practice.  You will of course still need to have a point of contact for the regulator.  There are no other suggested amendments so the rest of the legislation we have discussed in the training will still apply.  These amendments are being debated tomorrow (9th May) so we should have more clarity next week.  The ICO has also reiterated their current advice that Town and Parish Councillors do not normally need to be individually registered for GDPR as their duties will typically be covered by the town or parish councils registration.

Councils are reminded that they should review all their internal processes and policies to ensure that any reference to the Data Protection Act is updated to GDPR.  This will also need to be carried out for employment contracts, and consent clauses for employment should be removed and replaced by an appropriate reason for processing the data.  For LCPD members further information regarding employment, along with a suggested employment contract clause will be issued by the end of this week.

So in summary, the situation is still not finalised and we will not have clarity until the final legislation is passed, and in some cases until some case law is established.  It is, however, still appropriate and for Councils to work on their policies and internal procedures, and we recommend that you do so in order to show you are attempting to comply with the legislation.  We will keep you updated with any further information as it becomes clear.”





show more news