A Warning to Local Authority Chief Officers on Information Management and GDPR

In the dim distant past, the UK’s Office of the Deputy Prime Minister (ODPM) set targets for e-Government. Those of us in the know looked on in horror as one local authority after another threw themselves at the feet of IT suppliers who could tick the ‘priority outcome’ box for them. The figures for the e-Government programme speak for themselves: UK local authorities ‘invested’ £3.90 billion but realised just £0.97 billion of savings.

From 2004 onwards, I was one of the few who dared to thump the table about the dangers of ‘point solutions’, arguing instead that government ought to be steering a course that would deliver regional IT service centres, with their own regional transformation teams, delivering truly joined-up, citizen focused services across multiple public sector agencies. Sadly, the nuts and bolts were the least of the issues, it now being apparent that too many local authorities lacked the skills required to deliver truly strategic governance. Central government was no better and whilst there were clearly a number of individuals who did understand the pitfalls, they were silenced by the lobbying clout of major suppliers who knew that chaos was more profitable.

And so the cycle begins again, this time with Digital Transformation which appears to have even less strategic governance focus than its e-Government predecessor. Cloud services may have reduced capital costs but too often local authorities commit themselves to hybrid environments that are not sustainable and, in some cases, just don’t work. Business managers with little or no skills in information technology and information management are tasked with delivering solutions without any of the strategic governance that prevents long term issues… and costs.

With the looming deadline of May 2018 for GDPR (General Data Protection Regulation) compliance, we will see yet more local authorities handing off responsibility for compliance to their IT suppliers, missing the reality that, if the solutions are not strategic, the costs will escalate to the point where they become unsustainable… except that, this time, local authorities won’t be able to rip out their GDPR solution and write it down to experience. If local authorities are already failing in basic records management, what chance have they got with GDPR? Yes, it’s also about organisational structures and processes but if you don’t have governance that’s driven by all of your core strategies, you’re essentially blind to the longer term challenges and risks.

Chief Officers are running out of time to ensure that they have the required skills onboard to navigate a safe passage without falling prey to the myriad of IT suppliers who will be only too happy to provide their solution. Step One: is to accept that GDPR, and Information Management generally, has to be a board level issue. Step Two: is to make sure that is stays a board issue by appointing a CIO. Step Three: is to move very quickly; there are very few individuals in the UK with the requisite skills and experience to make this happen.

You’ve been warned…

David Gale is a consultant CIO, Business Transformation Director and Enterprise Architect and has briefed over six hundred local authorities across EMEA, as well as Ministers and senior civil servants of fourteen national governments. He is the originator of the Strategic IT Framework and TADAG (a component of which spawned OpenID).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s