London councils’ GDPR-compliance budgets range from £1,000 to £300,000
Policy paper from Parliament Street think tank recommends increased use of shared services
The amount of money committed by London borough councils to GDPR compliance varies wildly, ranging from £1,000 up to £300,000.
That is the key finding of a new policy paper from the Parliament Street think tank, which sent Freedom of Information requests to the local authorities representing each of the 32 boroughs of London, asking for details on money that has been dedicated thus far to GDPR preparation. Exactly half of the councils responded with a figure, and the 16 have cumulatively spent £1.26m on compliance measures.
Almost a quarter of this comes from the east London borough of Tower Hamlets, which has committed £300,000 to getting ready for GDPR. This includes an annual salary of £49,514 for an employee dedicated to working on a compliance project.
The next two biggest spenders are also in the east of the capital, with Hackney devoting £141,250 to preparation, with about two fifths on this money being spent on consultancy.
Redbridge’s GDPR budget, meanwhile, stands at £110,689, with a further outlay of £15,000 expected to invest in management software a later date. Islington has spent £105,000 thus far, while the City of Westminster has committed a total of £90,000.
GDRP compliance budget committed to date by borough
1. Tower Hamlets – £300,000
2. Richmond and Wandsworth (joint) – £142,110
3. Hackney – £141,250
4. Redbridge – £110,689
5. Islington – £105,000
6. Newham and Havering (joint) – £104,319
7. City of Westminster – £90,000
8. Haringey – £69,042
9. Ealing – £59,862
10. Bexley – £56,670
11. Sutton and Kingston (joint) – £50,000
12. Hammersmith and Fulham – £28,630
13. Hounslow – £1,000
Haringey has dedicated £69,042 to compliance measures so far, while Ealing has spent £24,004 in training and project-management initiatives to date, with another £35,858 already budgeted, adding up to a total of £59,862.
The vast majority – £55,000 – of the £56,670 committed by the London Borough of Bexley has gone on an individual’s salary, with the remainder spent on training.
Six of the boroughs quizzed are using a shared-service model to prepare for GDPR, with Richmond and Wandsworth, Newham and Havering, and Sutton and Kingston each providing a joint spending figure. The former duo has spent the most, with a cumulative tally of £142,110. Newham and Havering have dedicated £104,319, while Sutton and Kingston have jointly committed £50,000 of funding to date.
By far the smallest-spending council was Hounslow, which has thus far dedicated £1,000 to training for staff and other materials. The next lowest spender was the borough of Hammersmith and Fulham, which has devoted £28,630 to compliance, including the acquisition of an information asset register.
It is, however, worth noting that some of the other authorities in the capital claimed that GDPR compliance funding was allocated out of existing budgets.
Based on the findings of its research, Parliament Street is making three recommendations for London councils, the first being to consider the implementation of a shared-services model with another borough. This, the think tank claims, will enable “back-office processes to be audited and data to be managed efficiently by one IT team”.
The second recommendation is to look at the possible us of “a shared agreement for hiring external agencies and consultants to support GDPR strategy”. If two or three councils band together, they could take advantage of discounted contracts with technology and consultancy companies, the policy paper argues.
The final recommendation is the development of a “GDPR blueprint for London”. This would entail the creation of a framework allowing local authorities across the capital to share information on strategies, implementation, and best practice.
“GDPR represents a major challenge for the way local authorities approach data-security policies and handle public information,” Parliament Street said. “The implementation of these regulations and the ongoing adherence to them will require significant resources, including substantial IT expertise, consultancy and staff training.”
The think tank added: “With council budgets often severely overstretched, delivering these high standards successfully poses a huge challenge both to CIOs and council leaders. However, the increased regulation brings with it an opportunity to transform the IT strategies behind public-sector service delivery. The time has come for local authorities to fully recognise and implement the benefits of shared-services agreements, particularly with back-office IT.”
Sector organisation writes to Matt Hancock and other MPs to express concerns
James Wickes of Cloudview believes regulators need to take steps to sharpen senior managers’ focus on cybersecurity
Large organisations that process personal data will see their annual subsidy contribution rise from £500
DCMS committee chair bemoans ‘misleading answers’ provided by the tech firm so far