Councillors fail to take GDPR Compliance training putting ‘residents at risk’

Folkestone & Hythe District Councillors wear three hats when it comes to the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, these are:

  • As a Cllr in the Chamber they are protected by FHDC as FHDC are a data controller.

  • Also a member of Political Party, they are protected by the Data Controller of their party, if they have one. Cllr Govett, Lawes & McKenna do not belong to a political party – they are Independents.

  • However, as a constituency Cllr, they themselves – the Cllr – is a data controller.

FHDC Cllrs through their role have access to sensitive information and data.

It is not known how many Folkestone & Hythe District Cllrs could be putting vulnerable people at risk after failing to complete GDPR Compliance training. FHDC are unable to say who has and who has not completed the training they offered on the 9th May 2018.

FHDC have said:

  •  Unfortunately the Council does not hold itemised lists of training received by individual Councillors, as sign-in sheets were not distributed at these sessions.

The sessions they are talking about for Cllrs took place on the 9th May, sixteen days before the implementation of the new GDPR legislation.

Screenshot from 2018-07-24 09-26-38

(*This sum includes x3 seminars for Council staff and x1 seminar for Councillors over the course of the day. This was procured as a single package, so no specific figure is available for the costing of the Councillor session.)

The compliance training  for GDPR would have included such items as:

  • Lawfulness, Fairness and Transparency

  • Purpose Limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

So why do FHDC Cllrs who have failed to undertake the training continue to receive and send information/data from/to FHDC.

What do Cllrs know about the rights of data subjects (those who send emails to their Cllr) or the Rights of access by Data subjects, or the Right to be forgotten? For those who did not take the training, they’ll know very little or nothing at all, and the GDPR is a complex and technical creature.

These Cllrs who have failed to undertake the training, are not only putting themselves at risk, but they are putting the council at risk and critically the residents of district at risk too. Surely this cannot be acceptable.

We believe that FHDC as a Data Controller should not continue to provide information and access to FHDC systems to those who have not completed the training and mandatory tests as they may compromise their systems and have failed to follow FHDC’s agreed policies and procedures.

This is not the first time Cllrs in our Chamber have failed to comply with Data Protection. Three months after they were elected many Cllrs had not signed up to the Data Protection Public Register, even though they received training.

It’s clear that some Cllrs simply do not take the issue of data protection seriously enough and until they do Folkestone & Hythe District Council should suspend their accounts until they have fully complied with the law of the land.

The Shepwayvox Team

About shepwayvox (1801 Articles)
Our sole motive is to inform the residents of Shepway - and beyond -as to that which is done in their name. email:

1 Comment on Councillors fail to take GDPR Compliance training putting ‘residents at risk’

  1. Unbelievable, but I am quite sure this applies to very many Cllrs around the country and ALL Council should NOT continue to provide information and access to their systems to those who have failed to complete the training, as each and every one of them may compromise their respective Councils systems. They to have failed to follow their Councils agreed policies and procedures.

Leave a Reply

%d bloggers like this: