GDPR Readiness



Coming into force May 2018, The General Data Protection Regulation (GDPR) intends to strengthen and unify data protection for individuals within the European Union. GDPR is likely to have a number of impacts on how information is stored within Councils, and the processes and systems associated with data control and processing.


Our GDPR Readiness Programme has helped councils interpret these new regulations by providing a joined up action plan, standards and guidance to aid them in complying with the regulations. This joint effort has avoided duplicate effort across individual councils, ensuring a common understanding of the impact of GDPR and the controls that will need to be introduced.


 Leading the project on behalf of the Digital Office, Glasgow City Council and Fife Council worked solidly together to produce a GDPR toolkit and share the materials with the other 28 Councils in the Partnership.

 Glasgow City Council produced a number of materials consisting of:

  • A full Project Plan, Interdependency Register, Risk Register and Issues Register;

  • Two information gathering exercise templates with accompanying guidance notes (including a guide to legal basis for processing under the GDPR);

    Corporate Risk Register entry;

  • GDPR compliant DPIA template and guidance note;

  • Technology Compliance - Theory and Triage / Compliance spreadsheets that identified eight compliance requirements for an IT application;

  • Privacy Statement Template;

  • Staff communications and training materials including; overall communications plan, three fact sheets, staff handbook, screensavers, non-PC-facing staff hand-out and an online Data Protection (GDPR) staff training course.


Fife Council also produced a number of materials including:

  • GDPR action plan;

  • Law enforcement guidance;

  • GDPR and Data Protection Bill personal data log spreadsheet and guidance note;

  • Sharing personal data log spreadsheet and guidance note;

  • Mop-up spreadsheet for any other data collected/stored by the individual Council and guidance note.








By sharing these materials and providing guidance on preparing, planning and interpreting the imminent legislation, the delivery board of the Digital Partnership estimated the combined cost avoidance to be well in excess of £1million across the 30 Scottish local authorities.


A survey was issued to the 30 local authorities and further benefits realised were:

  • Duplication of effort was avoided;

  • Preparation time and resource was reduced;

  • Quicker movement from planning to implementation;

  • Good data governance practices established to include GDPR;

  • One consistent legal interpretation of the new regulations formed;

  • The potential for non-compliance fines sizably reduced - a huge reputation benefit for councils;

  • An efficient model for future data legislation changes has now been tried and tested.