Afternoon all - hopefully an easy Friday afternoon question.  


I am new to practicing Data Protection, whilst I am comfortable with current DP legislation I would be interested in hearing the views of experienced DPO's.


As a Local Authority we have a legal obligation to carry out a Boundary Review and we have an issue.  We 'want/have to' to use live data in the test system.  I have been told that there it can't be anonymised nor can we obtain dummy data.  The system is over 20 years and we do have a project underway to replace it.  They system is Acolaid in case you've heard of it and is used by Planning, Building Control, Environmental Health and Land Charges.


I am aware of a recent discussion regarding the use of 'live' data in a training situation and someone mentioned a BSI document dating back to 2009, it was on the use of live data in a test environment which I found very useful, particularly when my opposers are saying this is new under GDPR and I have been saying this was the case under DPA98.  However I have been asked to reach out to DPO colleagues for their input and experience as we have 2 schools of thought:-


  1. Live data cannot be used in both live and test environments - because we haven't told people, its not the reason we collected the data etc. the DP Principles.  
  2. Live data can be used in both live and test environments - I am working with several people who once worked in private industry and are now LA, some as little as 3 yrs ago, up to 20+ years ago and they say its always been common to use live data and its not an issue, is that because its not an issue or because they haven't been practicing data protection properly.....


To cover off this particular request we are carrying out a DPIA which will detail why it really has to be live data, why dummy or anonymised data cannot be used.  So we will be doing it by exception.  However as I said above I have been asked to get feedback from experienced DPO's on what has been the norm to date.


Thank you everyone


Have a lovely weekend...



Mrs Cheryl Lincoln
Information Governance Manager (DPO)
Havant Borough Council and East Hampshire District Council
Direct Dial: 02392 446568

Havant Borough Council 
Public Service Plaza                                                           
Civic Centre Road Havant PO9 2AX                              
www.havant.gov.uk                                                           
www.facebook.com/havantboroughcouncil                   
www.twitter.com/havantborough                         

and 

East Hampshire District Council
Penns Place
Petersfield GU31 4EX
www.easthants.gov.uk
www.facebook.com/easthampshiredistrictcouncil
www.twitter.com/easthantsdc

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)