Most boroughs across the UK are unable to comply with the General Data Protection Regulation (GDPR) ‘right to be forgotten’ requirements, even though there is less than nine months to go before the GDPR becomes law.
Research by information management company M-Files, conducted via a series of Freedom of Information (FOI) requests covering all 32 London boroughs and 44 other local authorities across the UK, found that 69 per cent of the local authorities are not able to effectively erase personally identifiable information (PII) from their systems - a critical requirement of the new regulation.
Updating systems in time for the new Regulation will require identifying software that uses personally identifiable information and re-writing it accordingly - at a time when HMRC's updated IR35 rules are putting off many contractors from working in the public sector.
Alternatively, local authorities will need to upgrade or replace software packages, lock, stock and barrel.
Julian Cook, vice president of UK business at M-Files, suggested that the public sector needs to become more proactive when it comes to tackling personal privacy issues, which sit within the wider arc of compliance within GDPR.
"The right-to-be-forgotten is arguably one of the most challenging aspects of GDPR, which places the onus on organisations to introduce smarter measures around data protection and controls, including how the Personally Identifiable Information (PII) of EU citizens is collected, stored and shared," said Cook.
He continued: "This is particularly true for the public sector, where this data is commonly trapped within information siloes and duplicated across different systems and repositories.
"The net result is that public sector organisations often don't have a full picture of the data on their systems, so completely erasing personal data becomes infinitely more challenging. Radical changes to how public sector organisations manage their information will be required if they are to be compliant when the regulation comes into force."
While the Information Commissioner's Office (ICO) has indicated that it won't come down hard on organisations that fail to comply with GDPR from day one, but which can demonstrate efforts to improve their level of compliance, Cook believes that local authorities should focus on implementing technology solutions that streamline the management of personal data, and are compliant in key facets of the regulation.
"The essence of GDPR is to ensure that explicit policies and procedures for handling personal information are in place, but with less than a year before the go live date of 25th May 2018, the findings present a fairly concerning picture as to how prepared councils are.
"Because of this the door is open for technology to play a significant role in automating and simplifying many of these processes," said Cook.