Improvement Service develops GDPR plan for Scotland

Organisation works with solicitors and public sector partners on template documents

Scotland’s Improvement Service has revealed it is working on a readiness plan for compliance with the General Data Protection Regulation (GDPR).

EU flag over laptop with lockThe national improvement organisation for local government in the country has said it has been developing the plan with Thorntons Solicitors and now has draft template documents out for feedback from a group of local authorities and NHS partners.

It is aiming to release them for wider discussion in the middle of next month – two months before GDPR comes into force – and is discussing existing contracts with suppliers to make sure they meet the obligations.

While it has not yet made the templates public, it has said the plan is structured around four main themes: organisations and communications; processes; data subject rights; and contracts and agreements.

It has also indicated that changes have been made in one of its own products, the myaccount sign-in for online services, which is widely used by local authorities in Scotland. These have involved overhauling privacy notices and terms and conditions for account holders, and new agreements with its partners. It is also working to technical changes to the system.

Not a tick box

“GDPR is not a simple tick box exercise for us and the work doesn’t stop on 25 May,” the Improvement Service said.

“We’ve also reviewed our induction and development processes to reinforce our commitment to privacy by design. That means a bit more formality around threat modelling and data flow analysis and making sure we build robust risk and security management into our systems as early as possible.”

Image from descrier.co.uk, CC BY 2.0