Kirklees Council is facing a bill of nearly £1 million as it complies with the EU’s new General Data Protection Regulation (GDPR).
Following 12 months of preparation work in advance of the introduction of the EU-wide law, which came into force last month, the authority is about to sign off on a £940,000 budget.
It will cover pre-identified one-off implementation costs, further potential IT costs, other ongoing spending that covers archival storage and the payment of data protection fees to the Information Commissioner’s Office (ICO).
Most of the money – £442,000 for actual costs – will come from the council’s reserves.
But it has to find an extra £300,000 to cover any potential costs.
The remaining £198,920 is expected to be approved at a Cabinet meeting on June 12. The application for extra investment has already been backed by the council’s Information Governance Board and its executive team.
The money will cover resource costs for the Information Governance team, training and software, expanding a central archive, and ICO costs for the council, Returning Officer and other electoral staff plus the authority’s 69 councillors.
The work is expected to last 12 months.
The council has already appointed a Data Protection Officer as it seeks to comply with the new rules.
The new work being carried out by Kirklees also involves scanning, indexing and destroying existing paper files. Boxes of files that have been kept in external storage facilities are also being brought back into the council to be stored within its central archive, which was opened last year.
Officers report that that archive “is steadily filling up” and requires an ongoing budget to pay for such items as maintenance of a mechanical lifting machine and other archival/stationery costs.
GDPR strengthens the rights people have under the existing 1998 Data Protection Act and brings in new ones. It has been described as the biggest overhaul of data privacy regulation in the history of the internet.