The Information Commissioner’s Office (ICO) has reported on the results of a survey of local authorities on their preparedness for the General Data Protection Regulation (GDPR) that it conducted last year. The standout findings of the survey were that a quarter of councils do not have a data protection officer, 15% of councils do not have data protection training for employees involved in processing personal data and a third of councils do not undertake privacy impact assessments. The ICO reminded councils that under the GDPR, they will be obliged to appoint a data protection officer and to undertake privacy impact assessments in certain circumstances. Local authorities were also reminded of their responsibility to ensure that all staff involved in processing personal data, including temporary staff, receive adequate training.