All Articles




The EU General Data Protection Regulations (GDPR) take effect in less than a month now and the past couple of weeks have been extremely busy tying up the last odds and ends of our GDPR Readiness project and ensuring we have done all we can to support local authorities with the information and materials they need to be prepared.

We designed the project, which kicked off in March 2017, to help councils within the Scottish Local Government Digital Partnership interpret the new GDPR regulations which come into force on 25 May 2018. The outputs of the project which contained a joined-up action plan, standards and guidance, were identified to aid councils in complying with these regulations and aimed to avoid duplicate effort as well as generate a common understanding of GDPR.  



It has been fantastic to have both Glasgow City Council and Fife Council on board, leading on behalf of the Partnership and working solidly together to produce a GDPR toolkit and share the materials with the other 28 Councils in the Partnership.


The toolkit contains:

  • Project plan;
  • Project risk register;
  • Detailed analysis of the new rules;
  • Flowcharts for establishing the legal basis for processing;
  • Data protection impact assessment templates;
  • Data gathering templates;
  • Technology compliance assessment materials and guidance;
  • Staff communication materials. 

This pool of specialised resources has been published and shared sporadically over the past year on our Knowledge Hub and allowed councils to move much more quickly from planning to implementation.

Our project team consists of a programme manager, project coordinator, legal advisors, council records advisors and IT management. This team of officers have come together and shared their expertise which in turn benefits the whole Partnership. 


Meic Pierce Owen - Fife Council (GDPR Project) from Digital Office for SLG on Vimeo.





It is hard to imagine that 30 local authorities are all working on the exact same project right now however it is even harder to imagine the duplication of effort if they were all preparing in a completely different way. This of course would chew up a pile of staff resource at a time where it's needed most to concentrate on front line services.

Having one consistent legal interpretation of the new legislation has ensured the requirement for resources across the Partnership has been sizably reduced and by sharing the toolkit, the delivery board of the Digital Partnership has estimated the combined cost avoidance to be well in excess of £1million across the 30 Scottish local authorities.


A survey was issued to the 30 local authorities and further benefits realised were:


  • Duplication of effort was avoided;
  • Preparation time and resource was reduced;
  • Quicker movement from planning to implementation;
  • Good data governance practices established to include GDPR;
  • One consistent legal interpretation of the new regulations formed;
  • The potential for non-compliance fines sizably reduced - a huge reputation benefit for councils;
  • An efficient model for future data legislation changes has now been tried and tested.



Since the announcement of these new data protection regulations, it's understandable that there has been a lot of concerns and a few 'myths' circulating around data breach reporting. 


The Information Commissioner's Office set the record straight in their GDPR blog and is certainly worth a read to conquer any concerns you may have. 



Of course, we do only have a matter of weeks to ensure we are fully prepared for GDPR and the preparations will continue in each council. It is important to remember that although this is a huge task, it should be viewed as a positive one. These changes will mean that if implemented correctly, the way we use personal data will significantly change the way we manage, analyse and deliver local services in the future. It will also foster public trust in the way we work and how their personal data is handled.


We will continue to have conversations on our Knowledge Hub to support officers if they have any questions relating to GDPR and we do encourage you to join in that conversation, share your experiences and give us your feedback on our project.