Agenda item

Report of the Comptroller & the City Solicitor.

Members received a Report of the Comptroller and the City Solicitor regarding the General Data Protection Regulation (GDPR). The following points were made.

A Member queried which Committee had oversight of data protection reporting, the Comptroller and the City Solicitor confirmed that routine reporting would go to this Sub-Committee and the Audit and Risk Committee, if any serious concerns arose, P&R and Finance would exercise ultimate oversight.

A Member asked about Subject Access Requests. The Chamberlain responded that work was being undertaken to prepare for the extended regime post May 2018. He would return to Members in early 2018 with an update.

A Member queried the current level of breach reporting, the Comptroller and the City Solicitor confirmed that notifications were high, and in a good place from which to build on in the run up to, and after, May 2018.

A Member was concerned with the provision under GDPR of consent – the specific wording and the coverage of requests for user’s consent needed to be fundamentally examined. The Comptroller and the City Solicitor confirmed that work was being carried out and he would bring a summary of the work undertaken to the next Sub-Committee meeting in February 2018 for Member’s information.

A Member stressed the importance of maintaining robust tracking and reporting within a comprehensive risk register.

Responding to a query from a Member, the Comptroller and the City Solicitor reflected that while ICO enforcement is going up, the ICO are sensible and proportionate, and were more focussed on the carrot, and not the stick approach.

RESOLVED – that Members noted the Report.