Public sector entering ‘wild west’ as UK hits peak GDPR frenzy, says ST2 Technology

Public sector organisations must take greater care when choosing General Data Protection Regulation (GDPR) compliance partners, ensuring that the right balance of legal and technical delivery skill sets is in place. This is according to ST2 Technology, which suggests that a failure to do so will inevitably lead to significant compliance failures after the new regulations take hold.

GDPR means significant changes that will affect public sector organisations, especially as these organisations hold some of the most sensitive personal data in the UK. In fact, information reported by the Information Commissioner’s Office (ICO) shows that UK local government organisations accounted for 11 per cent of all reported data security incidents in the last three years and, just recently, Nottinghamshire County Council was fined £70,000 by the ICO for leaving vulnerable people’s personal information exposed online for five years.

Richard Hannah, Head of Consulting at ST2 Technology, suggests that as public sector organisations face an uphill struggle to maintain the integrity of their data, there has been a sharp rise in assessment kits and non-specialist consultants offering advice on how these organisations can ready themselves, despite not necessarily having the relevant and appropriate experience.

With GDPR offering citizens compensation when a breach occurs, the regulation could spawn ‘PPI’-type agencies to pursue claims against local authorities.

He explains: “Radical changes to how public sector organisations manage their information will be required if they are to be compliant when GDPR comes into force. This is creating a sense of urgency as organisations try to get to grips with their data, how it is handled, where it is stored and who has access to it. However, as a result there has been a rush from consultancies to fill the market void, leading to untested and potentially incorrect approaches to ensuring compliance. We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19.

“For many consultancies, customers looking for partners to help them become compliant with GDPR is the equivalent of a new gold rush – however, less speed and more haste should be the mantra as we all work with the new data landscape now coming into view.

“The public sector must recognise that GDPR is not just about company records, data and processes, it is also about the law as it affects an organisation’s commercial arrangements, technology, risk management and its ability to transform operations to maintain compliance – doing nothing really is not an option and many of the public sector’s issues are systemic,” adds Richard.

ST2 Technology has built its Assessment, Compliance and Transformation (ACT) framework – which provides comprehensive analysis, planning and implementation of technology – in order to help organisations identify and address any GDPR compliance gaps.

The framework starts with a comprehensive analysis of an organisation’s readiness against the new legislation. This assessment covers contractual elements, process, technology and legal readiness. A gap analysis is then created and delivered to management. This is followed by a compliance roadmap that provides a detailed plan to eliminate the risk within the organisation, encompassing contracts, operations, legal and technology.

The ST2 framework then identifies any technology performance issues that may require additional safeguards. Finally, the plan is executed, led by ST2 consultants who work with in-house teams to deliver the transformation phase.

“The ACT framework manages every aspect involved when it comes to achieving compliance; we provide planning, implementation and optimisation of technology, and even the provision of tools, training and software solutions to ensure companies can maintain compliance with this tough piece of legislation. We firmly believe that no other GDPR portfolio service is as comprehensive as this, not only in delivering compliance, but also when it comes to the tools required to maintain compliance,” concludes Richard.