Agenda item

General Data Protection Regulation (GDPR) update report

Meeting of Digital Services Committee, Thursday, 31st May, 2018 1.45 pm (Item 9.)

Report of the Comptroller

Minutes:

Members considered a report of the Comptroller regarding and update on GDPR and the following points were made:

· The Comptroller commented that the findings of the Mazars Audit revealed that the Corporation has made good progress with GDPR and there were no red risks.

· Members commented that some policies were overzealous and too risk cautious, at the expense of Members convivence. The Comptroller commented that judgement calls had to be made due to the timely nature of the project and invited Members to speak to the Comptroller outside of the meeting about areas that may have caused undue inconvenience as they could be looked into.

· A Member expressed concern that the Corporation may had relied on poor guidance of the Law Society, who had since expressed that their guidance had been incorrect.

· In response to a question, the Comptroller commented that auditing of third party contracts would be dealt with in phase two as there was not capacity to complete this prior to the implementation date. Members commented that a central register of contractors should be created and maintained.

· Members commented that this project was an enormous task and thanked the Comptroller for taking it seriously and getting the Corporation into the best position it could be in.

RESOLVED – That Members noted the report.

Supporting documents:

2018.05.11 GDPR - project progress report - IT Sub comm 31.05.2018, item 9. PDF 92 KB