Sprintnotes 6 April 2026

A lighter week due to Easter, but Luton's DDaT service still made significant progress!

Director’s weeknote

Combining weeknotes for last week and this due to leave (off to Wales tomorrow – let’s hope the sun holds out!).

  • Took the DDaT roadmap to Chief Exec’s DMT – it went down well, with:
    • a ton of appreciation for the amount of work we have on
    • Chief Exec felt the priorities were right and there
    • nothing to add from a services perspective
    • a few suggestions for tweaks to the paper format, which we’ll pick up
  • More conversations about the Luton version of an improvement hit team, progressing:
    • data work and the challenges we’ve had to date
    • improvements to iTrent and Civica financials (both a shorter term and longer term plans)
  • Carried on the discussion with Transformation about closer working – we’re trying to work in the same ways and use some similar skillsets, so we’re looking at how we collaborate better. Also involving the Strategy team on how we can work closer.
  • Had my end of year appraisal – something you should all start to prep over the next month – there’s lots to celebrate and be proud of! 
  • This week focusing on the new target operating model (TOM), what the plan is and timelines – I will share these with everyone shortly.

That’s all for now! (Oh and a continuing to smile whenever I need to go on the new website!)

Data governance purview pilot

Project summary

  • Pilot testing largely done with only retention left to do.
    • Retention testing process was unknown but has now resolved with Phoenix during last workshop
    • Testing has been carried out from a user perspective
  • Procurement of a data management system being considered – Would reduce service area administration through automation.
  • Parallel rollout of SharePoint being investigated/considered.
  • Volunteer for first/early service for the rollout – Abigail Coupe – Senior Administrator for School Improvement – Education (previous experience of process at another council in a previous role.

Regulatory Services

The project status is green with the tender in progress and due to complete at the end of the month.

Image showing the weekly status report for Regulatory Services. Incudes outcomes and activiities, as listed below.

Key outcomes in previous period

  • Tender pricing review signed off
  • Data cleansing – ongoing
  • Roadshow planning – ongoing
  • Services activity planning – ongoing

Key activities in next period

  • Tender process – outcome / standstill period
  • Roadshow PPT drafting
  • Services activity planning – ongoing
  • Data cleansing – ongoing

Frontline Services

The project status is amber as uncertainly is resolved over the introduction of the low code portal solution for which information is being gathered in the lead up to final decision.

Image showing the weekly status report for Frontline Services. Incudes outcomes and activiities, as listed below.

Key outcomes in last period

  • Preparing PID feedback for Bartec
  • Workshop scheduled with Bartec to go through service request requirements and process flows
  • Met with LCS to understand process for removing/replacing low code alternative
  • Met with data protection team to move forward with process for back-end Bartec system
  • Data protection process for Bartec portal on hold because of inhouse low code solution
  • Email approved to inform Bartec of possible inhouse low code solution

 Key activities in next period

  • Service request reqs. workshop with Bartec to (feed into Bartec specifications)
  • LCS replacement with low code planning
  • Complete business case for low code portal decision
  • Business case for low code portal and submit to steering committee
  • Email Bartec about investigation of low code portal

Information Governance update

This week’s spotlight: Data Protection Impact Assessments (DPIAs)

We’ve seen an increase in DPIAs and DPIA pre‑assessments over recent months.

  • Some follow data breaches.
  • Some arise when services contact us about something without realising they need one.
  • Others show that teams are building data protection into project planning at the right time.

What is a DPIA and when is one needed?

A DPIA helps identify and minimise risks to people’s information. It is a legal requirement where the processing of personal data is likely to result in a high risk to individuals’ rights and freedoms. Typical triggers include:

  • new systems, apps, or technology that process personal data
  • AI, automation, or profiling (including risk‑scoring/predictions)
  • large‑scale or complex processing, especially of sensitive data
  • use of special category data (health, ethnicity, biometrics, etc.)
  • monitoring or surveillance (CCTV, tracking, location data)
  • major changes to existing processing
  • new data‑sharing arrangements
  • any activity that could cause harm, discrimination, or intrusion

What about processing that isn’t high risk?

The pre‑assessment is used where processing isn’t expected to be high risk. It lets us confirm the risk level and helps we demonstrate how the data protection principles are being met.

What we do?

As well as considering the risks of the processing itself, we:

  • review every DPIA and pre-assessment in conjunction with the data protection principles set out in UK GDPR
  • give advice to services to enable them to understand their obligations and how they can ensure the principles are met

Why this matters to DDAT

Data protection is everyone’s responsibility — but DDAT often has the earliest visibility of new systems, integrations, and processing methods. You may be the first (or only) team to spot that a DPIA is needed, especially where new technology or changes to data flows are introduced.

1
like

Like

1
love

Love

0
haha

Haha

0
thinking

Thinking

Leave a Reply

Your email address will not be published. Required fields are marked *