Governance & Transformation & Commercial Enterprise Cabinet Members – 24 March 2017

45      (45)    BUDGET TRANSFERS (VIREMENTS) 2016-17The Director of Policy and Resources submitted a report which sought approval for changes to revenue and capital budgets for 2016-17 as part of the council’s policy of active budget management.

On 23 February 2016, council approved the revenue and capital budgets for the 2016/17 financial year.  The report gave details of virements that required Cabinet Member approval.

Resolved – That the virements at paragraph 3.1 of the report be approved.

46      (46)    YORKSHIRE AND HUMBER REGIONAL NETWORK PROCUREMENT – The Director of Policy and Resources submitted a report that sought to establish a new contractual arrangement for the delivery of the council’s data network services.

Contract procedure rules (CPRs) required procurement plans for contracts over £1m to be approved by the relevant Cabinet Member.

The council’s current contract for fixed data network services with Interroute Communications Ltd expired in September 2018.  It provided all data telecoms for the council, including schools and academies.  Current annual expenditure was approximately £500k.

Under statutory procurement rules, the council was obliged to carry out a re-procurement for these services to replace the expiring contract.

A regional joint procurement exercise – Yorkshire and Humber Public Services Network (YHPSN) was currently being planned.  Partners from the following sectors had committed to participate:

  • Police
  • Local Authorities
  • NHS
  • Fire Services

The procurement was intended to deliver a single secure “network of networks” to all partner organisations.

Crown Commercial Services (CCS) were building a new government procurement framework specifically for these services.  This would replace the previous national RM1045 framework.  It was envisaged that the framework would be available in September 2017.  It was expected that the regional procurement would be initiated for competition under the framework around September/October 2017.

The IT Enablers, as part of Northern Lincolnshire Business Connect, aimed to procure a single network to deliver connectivity to both North and North East Lincolnshire Councils under this exercise.

Resolved – That, as per paragraph 3.1 of the report, the council participate in the regional multi-agency Public Services Network procurement for the reprocurement of its data network services.

47      (47)    GENERAL DATA PROTECTION REGULATION – The Director of Policy and Resources submitted a report that set out how the council would prepare for the introduction of the General Data Protection Regulation (GDPR).

The current Data Protection legislation was enshrined in the European Data Protection Directive 95/46 EC.  European member states implemented this legislation by introducing domestic legislation.  In the UK this was the Data Protection Act 1998 (DPA).

The DPA placed obligations on organisations processing (handling) personal information to comply with eight principles and to fulfil certain responsibilities as Data Controllers of personal information and it gave individuals certain rights.  It also introduced corrective powers and administrative fines for noncompliance with the Act.

The GDPR became European law on 24 May 2016.  On 25 May 2018 the GDPR would take effect in UK law following a two year transitional period.  It would remain in force until the UK leaves the European Union and amends or repeals the legislation.  It was highly likely that post-Brexit UK privacy legislation would retain significant elements of the GDPR.

Recent unprecedented and rapid advances in technology had brought about fundamental changes to the way people use and share information.  A series of high profile security breaches, phone hacking scandals and globally reported whistle-blowing revelations had all served to increase public awareness of the impact of technological advances on their personal privacy.

The GDPR responded to these challenges and opportunities by introducing changes to strengthen individual’s rights and build trust.  Those processing personal data would face increased accountability and compliance obligations.

The report outlined the themes of the GDPR and the principles that must be complied with.

The Information Commissioners Office (ICO) would remain the UK regulator.  The ICO had issued initial guidance for preparing for the introduction of the GDPR, ‘GDPR – 12 Steps to Compliance’ which was attached at Appendix 2.

The ICO have stated that compliance with the current Data Protection Act is seen as a good starting point for compliance with the GDPR.

Resolved – (a) That the implications of the GDPR be noted; (b) that the initial high-level action plan set out in paragraph 2.13 of the report be approved, and (c) that an update on progress with the implementation of GDPR be provided in September 2017.