Data Protection Bill [Lords] Debate
Full Debate: Read Full DebateJames Cartlidge
Main Page: James Cartlidge (Conservative - South Suffolk)Department Debates - View all James Cartlidge's debates with the Department for Digital, Culture, Media & Sport
(6 years, 8 months ago)
Commons ChamberI have received representations not only from the National Association of Local Councils, but from the Suffolk Association of Local Councils and many of my own parish councils—including Moulton Parish Council—which do an admirable job in telling me about the pressures facing parish councils throughout the country. I pay tribute to them for their efforts, and for the length of their representations to me.
Of course it is important for parish councils, and other local councils, to follow high-quality data protection standards. The Information Commissioner’s Office has provided extensive guidance to help organisations to prepare for their new responsibilities, and I urge councils to look at it.
The responsibilities of data protection officers—this is relevant to the issue raised by the hon. Gentleman—can be implemented in different ways. For instance, several parish councils can choose to share a single data protection officer, provided that he or she is easily accessible from each establishment. The system does not require the hiring of one person per organisation. Organisations have already been set up to provide this service, and the service itself is important. In the case of a small organisation, such as a very small business or a parish council on a low budget, it is still important for data to be handled and protected carefully, because small organisations too can hold very sensitive personal information. I am extremely sympathetic to the plight of small businesses that must deal with regulation—especially as I come from a small business background myself—but I am also convinced that it is good practice to follow high-quality data protection standards and that it is good for organisations to do so.
I thank my right hon. Friend for giving way. He is being very generous.
I knew that some small businesses in my constituency were concerned about the impact of the GDPR, so I telephoned the Information Commissioner’s Office to find out what support was available to them. The only answer that the office could give to every question that I asked about how the GDPR would affect small businesses was “Go to the website.” Does my right hon. Friend agree that we should expect better from a telephone line that is funded by the taxpayer?
I am glad that there is a telephone line. I am sure that the Information Commissioner will be watching the debate and will hear the plea for clear guidance on how small organisations in particular should implement data protection standards, whether they are small councils or small businesses. However, the Information Commissioner’s Office has already provided clearer guidance, as well as the telephone line. It is obviously listening, with the aim of getting the guidance right and ensuring that, in lay terms, meeting the new standards is straightforward. This issue came up in the other place as well. It is important for us to get the implementation right, especially in the case of small organisations.