Councils need to start work on ensuring their processes are in line with forthcoming changes to data protection and online privacy laws, according to Socitm.
The representative body for council ICT staff said in a briefing that councils need to examine their information governance arrangements, to prepare for a new European Data Protection Regulation and the EU-US Privacy Shield.
Supplier organisations also need to get ready for tougher compliance enquiries from public sector customers and from the users of their services.
Dr Andy Hopkirk, head of research at Socitm, said: “Accommodating the changes will be a matter of amending existing processes rather than inventing new ones’ says.
“Some of the changes could be onerous and problematic. For example, councils will need to be able to deal correctly and completely with ‘right to be forgotten’ requests – perhaps the single greatest challenge in an almost ubiquitously networked and distributed computing world.”
Related content
EU data protection – What does the new regulation mean for public sector suppliers?
How the EU’s General Data Protection Regulation Will Impact Your Organisation
Both the draft European Data Protection Regulation – to replace the Data Protection Directive currently in place – and the new EU-US Privacy Shield – to replace the Safe Harbor agreement of 2000 that was struck down by the European Court of Justice in 2015 – are expected to be in place by 2018.
In its new briefing, Socitm sets out details of the forthcoming changes and warns that compliance with some aspects of the new legislative framework could be difficult.
In a separate briefing on digital innovation, the body said that the current devolution agenda is building momentum for collaboration.
It said: “This presents opportunities in areas such as adult care assessments, home care, missing children, becoming an adopter, hospital discharges, overcoming isolation, and more.
“A place-based approach to delivering outcomes, not services, provides the opportunity to deconstruct siloed, paper orientated processes and proprietary technologies, and separate these out to be more commoditised, simplified and shared capabilities.”
