But this could mean that organisations are missing a unique opportunity to revolutionise the public sector’s approach to data, according to one leading expert.
Speaking at Salford Professional Development’s GDPR in the Public Sector Conference, independent digital consultant Jos Creese urged delegates to use the new legislation as catalyst for a cultural change.
“I think the public sector should be setting the lead in GDPR,” he said.
“Some organisations are ahead of the game but they have become complacent, seeing GDPR as just a box ticking exercise. But if all we are trying to do is be compliant, if GDPR is seen as just a cost, then that’s all it will be.
“If I was going to a board meeting I wouldn’t start by saying ‘we need to be ready for GDPR otherwise we could be fined’, because you’re not going to get very far with this approach. We need to go further, what is needed is a change in the cultural approach to data.”
The Public sector organisations hold a vast amount of sensitive and complex data ranging from tax records to biometric information.
Coming into effect in May 2018, GDPR will introduce a series of stringent requirements around the way this data is handled. Transparency, subject opt-ins and the timely reporting of data breaches will become compulsory while those failing to comply will face the prospect of heavy fines.
But rather than focusing on the potential negative consequences, Mr Creese believes public sector leaders should seize the opportunity for a complete overhaul of the way it collects, stores and uses data.
“Most organisations are drowning in a deluge of data. They don’t know what they’ve got and some of it is very poor quality,” he said.
“GDPR is a symptom of the need to get better control of this data. So it should be used as an opportunity to sort out the data, clean it up and build a reputation and trust with the public.
“For the public sector in particular, the ability to exchange data intelligently is crucial, it is the very basis of digital government. In order to do that, we have got to get control of the data, we have to have it in a common format and we need to have the trust of the people giving us the data.”
More information on our upcoming event: GDPR in the Private Sector: Preparing business for data regulation, is available – here.
Is your workforce ready for GDPR? Talk to our bespoke team about an in-house training course – here.Leave a comment