I read in the Medway Messenger that the Information Commissioner has issued an enforcement notice to Medway Council, giving the Council 6 months to train staff.
I find this situation rather disconcerting; that a public body has been found to be not training its staff adequately regarding their duties under data protection law. The main issue is that the laws are changing to tighten up standards and the fines are going up dramatically for non-compliance.
It is worrying that the current rules are not being enforced, what reassurances can you as leader of the council give that it will make the changes needed for GDPR when it's already non-compliant under the existing rules?
It is my belief that compliance starts at the top of an organisation and works down from there. This is why I've addressed the question to you as leader of the council. Can you show leadership through the transition period before GDPR comes into force to make sure all officers know the rules and there is a culture of compliance within the organisation? This culture appears to be missing and clearly needs to change.
The reason I want answers is that the fines under GDPR will be significantly higher than previously. Currently your favourite fallback position for cuts is that cuts are all either down to Labour's profligacy or central government cuts. A fine of several millions for non-compliance would leave that argument looking ridiculous. The residents of Medway will suffer cuts to services as result of such a compliance failure and neither Labour nor central government can be blamed, that would rest on your shoulders.
Yours sincerely,
John Castle
Chairman Medway Liberal Democrats
Reference article:
Kent Online article
