The Six Stage Journey Councils Should Take  to Data Protection Compliance

From the 2025/26 AGAR, parish and town councils will be required to complete a new Assertion 10 as part of its Annual Governance Statement. This new requirement goes beyond the expectations previously that came under Assertion 3.

This change will not just require a generic policy or an out of date impact assessment. Councils must be able to evidence compliance, not just their positive intentions.

Yet the challenge is that local council professional are busy running their councils. Clerks and officers may not have the time, or specific data protection expertise to assess their councils current level of compliance with the UK GDPR and Data Protection Act 2018.

Why Acting Now Matters Leaving this until the spring may mean risking a rushed, stressful scramble ahead of your AGAR submission. Instead, starting now gives you the time and clarity to assess compliance properly and that starts with understanding exactly what needs to be done.

Thats why Breakthrough Communications has created a six stage roadmap to guide you through the entire compliance journey.

The Six Stages to Council Data Protection Compliance

Through our Data Protection Toolkit service we have, helped councils achieve and maintain robust data protection compliance. The Toolkit journey is built around six clear, practical stages:

Stage One: Data Protection Basics 

Get clarity on essentials. know what your legal duties, the role of councillors and officers, and the must-know basics of data protection in a local council setting.

Stage Two: Data Mapping

You will need to be able to identify and document all personal data your council processes, and understand why you hold it.

Stage Three: Lawful Bases

For each processing activity, you have to be able to determine the lawful bases under UK GDPR, including any special category data.

Stage Four: Risk Assessment

May councils then conduct a thorough real-world risk assessment that examine the risks associated with the processing of personal data and how to reduce the likelihood and impact of those risks.

Stage Five: Policy Creation 

At this stage your council will now be able to put together a robust, tailored set of policies, which are bespoke to the unique needs of your council and, that reflect how your council actually works.

Stage Six: Assertion 10 Readiness

Finally, you will review your entire approach to data protection compliance, ensure it all stacks up, and be ready to confidently assert compliance as part of your AGAR return.

Take Control of Your Council’s Compliance Journey

This is not about  ticking a box. It is about protecting your residents, your councillors, your staff, and your council's reputation.

Want to discover how to achieve compliance in your council?

Join us for one of our regular webinars and get everything you need to:

• Understand what is expected

• Avoid the common traps

• Start your compliance journey with confidence

Register for the Free Webinar Here