Last month the National Association of Local Councils (NALC) brought the financial strains facing local authorities in becoming compliant with GDPR into focus. Tim Waterton, Senior Director of UK Business at M-Files believes that local authorities concerned about their abilities to fund the changes needed to support GDPR, should not be deterred and instead capitalise on simple and affordable steps, which demonstrate that reasonable measures are being taken to become compliant.
“The GDPR is a demanding piece of legislation that many organisations, particularly those in the public sector, are struggling to get to grips with,” he said. “The ongoing squeeze on public sector budgets won’t be helping this situation, but while some level of investment will be needed to support GDPR, this doesn’t need to be unduly expensive. It really boils down to sound data hygiene practices and there are some relatively simple and cost-effective actions that public sector organisations can take to close the compliance gap.”
Waterton argues that creating a centralised personal data registry or information asset registry, allows you to understand what data exists within your systems, where it is located, who has access to it and who it is shared with.
“Once you understand what data you have in your possession, you can then see how that information links to your different systems, processes, policies and procedures. That is the starting point for the transition to GDPR compliance.”