As a Cllr in the Chamber they are protected by FHDC as FHDC are a data controller.
Also a member of Political Party, they are protected by the Data Controller of their party, if they have one. Cllr Govett, Lawes & McKenna do not belong to a political party – they are Independents.
However, as a constituency Cllr, they themselves – the Cllr – is a data controller.
FHDC Cllrs through their role have access to sensitive information and data.
It is not known how many Folkestone & Hythe District Cllrs could be putting vulnerable people at risk after failing to complete GDPR Compliance training. FHDC are unable to say who has and who has not completed the training they offered on the 9th May 2018.
FHDC have said:
Unfortunately the Council does not hold itemised lists of training received by individual Councillors, as sign-in sheets were not distributed at these sessions.
The sessions they are talking about for Cllrs took place on the 9th May, sixteen days before the implementation of the new GDPR legislation.
(*This sum includes x3 seminars for Council staff and x1 seminar for Councillors over the course of the day. This was procured as a single package, so no specific figure is available for the costing of the Councillor session.)
The compliance training for GDPR would have included such items as:
Lawfulness, Fairness and Transparency
Purpose Limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
So why do FHDC Cllrs who have failed to undertake the training continue to receive and send information/data from/to FHDC.
What do Cllrs know about the rights of data subjects (those who send emails to their Cllr) or the Rights of access by Data subjects, or the Right to be forgotten? For those who did not take the training, they’ll know very little or nothing at all, and the GDPR is a complex and technical creature.
These Cllrs who have failed to undertake the training, are not only putting themselves at risk, but they are putting the council at risk and critically the residents of district at risk too. Surely this cannot be acceptable.
We believe that FHDC as a Data Controller should not continue to provide information and access to FHDC systems to those who have not completed the training and mandatory tests as they may compromise their systems and have failed to follow FHDC’s agreed policies and procedures.
This is not the first time Cllrs in our Chamber have failed to comply with Data Protection. Three months after they were elected many Cllrs had not signed up to the Data Protection Public Register, even though they received training.
It’s clear that some Cllrs simply do not take the issue of data protection seriously enough and until they do Folkestone & Hythe District Council should suspend their accounts until they have fully complied with the law of the land.
