Issue - meetings

Data Protection Act 2018 (DPA) Update

Meeting: 31/03/2022 - Corporate Committee (Item 9)

9 Data Protection Act 2018 (DPA) Update pdf icon PDF 377 KB

(All wards)


Report Authorised by: Bayo Dosunmu: Strategic Director for Resident Services


Contact for enquiries:Donald Ford, Project Manager, Information Governance, 020 7926 2464 or 07590078318,




Additional documents:


Matthew Ginn, Council Data Protection Officer; and, Donald Ford, Project Manager for GDPR, introduced the report and responded to questions as follows:

·           Lambeth had begun its Data Protection arrangements earlier than other London boroughs and compared favourably to them. Officers attended cross-London meetings at which further improvements were discussed.

·           Data protection training figures for the year 2022 were low overall and particularly low in some Directorates. This had been raised with senior management to improve, alongside the reissuing of staff training modules and communications, which would be monitored by Lambeth’s Information Group and were also meeting with eLearning colleagues to improve training further.

·           Lambeth had ensured value for money by delivering the programme, developing the Data Breach system, and providing training in-house compared to other local authorities who relied on external companies and consultants.  It was noted that fines could potentially reach £17m.

·           Considerable work had been undertaken to improve processes and identify gaps such as the Corporate Complaints unit handling benefits and acting in a gatekeeper role for Subject Access Requests (SARs), which had improved to 82% on-time completion.


The Chair noted the Committee’s concern on training levels and asked that evidence of improvements, including measures to do so, were shared with the Committee.



1.         To note the work that has been undertaken in Phase 3 of the DPA Project.

2.         To note that responsibility for maintaining the currency and accuracy of the Information Asset Register and IA Portal now lies with the relevant Directorates and the IAO.

3.         To note the implementation of the Information Risk Group, responsible for information governance strategically and for assuring the SMB on information risks, and that this group should be fully supported by all Directorates.

4.         To note all directorates remain required adhere to the ICO Accountability Framework.