Parish and town councils have said they face a £3.5m bill to implement new data protection rules.
The National Association of Local Councils (NALC) said the Data Protection Bill would require all 10,000 councils and hundreds of parish meetings to appoint a data protection officer, irrespective of their size or use of data.
This role could not be taken by the council clerks, who in most cases were the sole member of staff and anyway worked limited hours.
The bill will give effect in UK law to the European Union’s General Data Protection Regulation. The bill passed its second reading on Monday and will now go before the public bill committee on 27 March.
In a letter to the digital, culture, media and sport secretary Matt Hancock, NALC chair Sue Baxter (Ind) urged the government to meet the £3.5m cost.
She said: “While NALC broadly welcomes the principles of the Data Protection Bill, it is vital these new measures are proportionate and the impact of GDPR on our sector is fully understood by the government.”
During the second reading debate Mr Hancock suggested “several parish councils can choose to share a single data protection officer, provided that he or she is easily accessible from each establishment”.
He added: “The system does not require the hiring of one person per organisation. Organisations have already been set up to provide this service, and the service itself is important. In the case of a small organisation, such as a very small business or a parish council on a low budget, it is still important for data to be handled and protected carefully, because small organisations too can hold very sensitive personal information.”