Your GDPR roadmap? Here’s a highway code

By Sue Lal (pictured, inset), Client Director at Protocol Policy Systems, a Socitm partner company

Have you read Socitm’s latest Insight briefing on the new European General Data Protection Regulation (GDPR)?

It’s particularly notable as in last year, ten per cent (216) of all reported data security incidents came from local government; second only behind the health sector with 876 reported incidents.1

This new regulation will apply in the UK from 25 May 2018. The briefing really brings home the significant volume of work involved in advance to demonstrate an organisation’s state of compliance prior to that date. Lack of compliance could present information security risks and data breaches resulting in heavy costly fines from the ICO, as well as the real risk of reputational damage.

Developing a new or adjusted culture around the EU legislation within local authorities will require substantial commitment and effort throughout the organisation, from the senior executive team down to the frontline staff.

As a priority activity in preparation for GDPR, local authorities should start by conducting a review of the current information governance framework and its suitability to address the new requirements outlined in the legislation.

At a more operational level, giving staff a GDPR ‘highway code’ to work with in the form of an easy-to-understand, well-written, policy could make the difference between a smooth transition to compliance or costly errors.

Protocol Policy Systems – a joint venture with Socitm – has a customisable IT policy management system offering with it a set of policies cross-referenced and mapped to industry standards such as ISO27002, PCI-DSS and PSN. With this IT policy management solution, organisations could significantly shorten the time involved in preparing for GDPR, as the system demonstrates an organisation’s position of good information governance, giving your staff access to relevant security IT policies, procedures and links to regulatory and legislation resources.


  1. Data security incident by sector and type, Q3 2016-2017 (CSV download); via ICO. 2017. Data security incident trends. [Online]. [28 March 2017]. Available from:
Your GDPR roadmap? Here’s a highway code

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s