information governance

Cardiff Council’s Operational Manager, Information Governance and Risk, Vivienne Pearson and Information Governance Manager, Dave Parsons, set out the vision and benefits their training offers

At a time when Information Governance practitioners are at a premium, we all need to play our part in understanding our personal and our organisation’s responsibilities and help to build capacity so that data and privacy matters become second nature. Information Governance is not a tick box exercise and often there is no right and wrong answer, it is a judgement call.

IG Solutions, Cardiff Council’s Information Governance training service, was established in order to share our extensive knowledge and expertise of Data Protection and Information Governance with public service partners across the country.

IG Solutions delivers practical training designed to help organisations overcome the challenges they face and understand their responsibilities to manage the strategic risks of fines and reputational damage.

Our training is focused on Data Protection, Freedom of Information and Records Management and we are able to tailor courses to meet your specific needs.

Our vision

Our training is designed to help you understand how compliance can be achieved based on our knowledge, experience and best practice approaches adopted across the public sector, including frameworks such as the Wales Accord for Sharing Personal Information (WASPI), which we hope will help facilitate increased use of consistent methods of controls and assurance.

Busting the myths that:

  • The law is new and we have never considered the privacy of individuals.
  • The public sector is resistant to change and not good at managing risk.

The introduction of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 arrived with the bluster of being ‘the new kid on the block.’ We explore how the challenges around data protection have grown and how they work to protect the rights of individuals developed and that many of the changes introduced in 2018 were enhancements to existing laws and best practice.

Public services have always been resilient and are often the leaders in the areas of change and risk management. We explore our journey and experience of making significant changes to our processes as a result of focussing on the increased enforcement powers of the Information Commissioners’ Office in 2012; the plethora of Codes of Practice issued over the past 10 years; keeping up-to-date with the developing GDPR legislation; taking the decision to anticipate some of the changes whilst looking to secure traction for actively managing the Council’s risks around data protection; and information governance more widely.

We hope that our training helps you to tackle these myths and consider the practical application of the key areas of organisational and technical control as part of your approach to managing risk.

Building capacity and control

Good working arrangements across Wales are already in place with collaborative and regional working amongst Information Governance Managers and Data Protection Officers. However, with increasing demand for regional collaboration and alternative service delivery models across the public service, we need to ensure that there is improved awareness and understanding of information governance to support the drive for change. We have built our training on the experience we have in supporting Cardiff Council and collaboration models, such as Rent Smart Wales, the National Adoption Service, Vale Valleys and Cardiff Regional Adoption Service and Shared Regulatory Services. Our training and educational support will help you to increase the ‘information governance’ capacity within your organisation, enable you to share the ‘information governance’ responsibility across your employees and help you to identify the risks and controls around the use, and sharing of personal data.

Developing a risk-based approach to Information Governance

Public services will continue to face increased scrutiny by the Information Commissioner in the coming months and years. Much of the focus of the Information Commissioners’ enforcement powers has been on large-scale privacy infringements. Recent publicity around the intent to fine several large organisations is a testimony to this. It is vital that the public sector does not become entrenched in an attitude of ‘this will never happen to us’ and the perception that ‘it is not in the interests of the Commissioner to fine the public service.’

A large-scale data breach has the potential to damage public service in more ways than one. Not only would a financial penalty have potential consequences on your frontline service provision, but would also bring about irreparable damage to your organisation’s reputation and standing.

Our training is designed to help organisations focus on the key controls and assurance that they need to prioritise enabling you to demonstrate that due diligence is in place to protect personal data in the event of a data security incident.

Raising awareness and supporting a culture of responsibility

The importance of education and training cannot be understated as part of any ICO investigation one of the first questions they ask is for evidence of the training you have provided for your employees.

Our approach enables you and your organisation to have a fresh, independent, insight to the world of compliance with data protection, as well as providing a range of tools and skills for you to consider taking forward within your organisation. Ultimately, we are all in this together

Information Governance is not just the domain of subject experts it is everybody’s responsibility.


Please note: This is a commercial profile

Contributor Profile

Information Governance Manager
Cardiff Council

Contributor Profile

Operational Manager, Information Governance and Risk
Cardiff Council


Please enter your comment!
Please enter your name here