THE majority of Dorset Council staff have not completed the mandatory training of General Data Protection Regulations.

An audit report says that effective control measures have not been in place at the council to ensure everyone completes the training.

Breaches of the rules can result in fines running into tens of thousands of pounds.

Prior to the first Covid lockdown GDPR training completion rates, including induction and refresher training, were at just 3% but by the end of June this had increased to 26%. The regulations have been law since May 2018.

An audit report to councillors this week says one of the problems is the difficulty contract and agency staff have in accessing the training because they usually do not have a Dorset Council email and, because of that, also do not get communications reminding them to complete the training.

Monday’s audit and governance committee heard that plans were now being made to ensure more training is completed by staff with the aim of completing the exercise by the end of July this year.

Committee chairman Cllr Matt Hall said he found it worrying that so few of the council’s staff had completed the training.

“It should be done as a matter of course,” he said.

He was told that the numbers had ‘significantly’ improved since the report was written, but was not given an updated figure.

The committee heard that a new training module was about to be made available for staff which would be promoted to managers responsible for compliance and to all Dorset Council staff.

The regulations cover a range of issues around personal data; how it is collected and held, how data no longer needed should be destroyed, and the punishments for unauthorised releases of personal data, which is a criminal offence.

One section of the regulations make it an offence for organisations to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure.