Blog

As citizens, we have all felt the effects of GDPR either indirectly or directly. It has given us a greater awareness of how our personal data is used and greater powers to manage it.

But, three questions arise:

We surveyed Data Protection Officers across the sector to help answer these questions in our report, ‘The Impact of GDPR in Central Government’. We also held a webinar that further analysed these results with Data Protection experts Jon Baines and Barry Moult.

To give you a snippet of what to expect in our findings, here are three key takeaways from our analysis:

1. DPO’s confidence in their own organisation’s GDPR compliance is high

Of our respondents, 80% rated their organisation as ‘mostly’ or ‘completely’ compliant with GDPR. This shifted significantly when asked about other organisations’ compliance - 58% thought other central government bodies were ‘mostly’ or ‘completely’ compliant. This reduced to 55% when asked about the public sector as a whole. What is more shocking, however, is that after 2 years since GDPR’s introduction, 7% are still concerned about compliance.

2. Subject Access Requests continue to increase, risking non-compliance

In many organisations SARs now form 74% of all DPRs. 50% of respondents told us that SARs had more than doubled since the introduction of GDPR. This becomes all the more worrying when paired with the data we collected on changes to team size.

3. Back-office admin is the biggest challenge to DPR compliance

Without the correct systems and processes in place, fulfilling increasing numbers of DPRs will become even more challenging. ‘Timely information gathering’, ‘finding information’ and ‘redaction’ were the three biggest challenges to fulfilment, amongst a host of others.

We discuss why these results have come about and the potential implications in our webinar ‘The Impact of GDPR on Information Rights’ which is now available to view on-demand.