• wblogo
  • wblogo
  • wblogo

GDPR a heavy burden, finds poll

Chris Hamblin, Editor, London, 5 July 2018

articleimage

The Core Partnership, a recruitment firm acting on behalf of the UK's Institute of Chartered Secretaries and Administrators, has staged a poll that suggests that 78% of governance experts in all industries have found the European Union’s General Data Protection Regulation to be a heavy burden on their resources.

Among the rest of the 535 or so people who answered the survey, 9% were unsure whether the burden had been heavy and 13% thought that the burden had not been heavy at all.

Many organisations had to hire more staff or employ external consultants because their internal resources could not cope. Even when they outsourced work, sometimes at considerable expense, they sometimes ran into problems. One respondent stated: "We engaged external solicitors but they themselves saw an increased workload, which reduced their response time for us."

Another respondent revealed: "Our issue was mainly one of resource. We started the exercise last summer but the data mapping took months. By the time we were ready to analyse it with our lawyers, they themselves were inundated and took some time to produce our GDPR readiness report."

One critic bemoaned the fact that "tech resources have been diverted from business improvements to compliance at a time when a UK company should be focusing on using technology to improve productivity and drive the business forward."

Several respondents struck a more positive note, with one stating: "It has taken a considerable amount of time, but has provided us with a good opportunity to review contracts and arrangements with external suppliers...it will improve our approach to data handling and ensure that our housekeeping is much better. It is definitely a good thing, but, for a small-to-medium enterprise with limited resources, implementation has been quite painful."

Resource-related problems and outstanding problems that firms had with their contractors contributed to delays in the effort to comply with the GDPR. Only 50% of organisations (see pie chart) were fully compliant when it came into force on 25 May. Some 27% admitted to not being fully compliant on time, with the remaining 23% unsure.

According to Peter Swabey, the policy and research director at ICSA: “Achieving full compliance has been extremely time-consuming for many organisations and there is some concern that ongoing compliance will continue to be burdensome. Many of the areas that were named as being problematic – co-ordination between jurisdictions; group-wide solutions; third-party engagement; and staff training – will continue to be of importance and will require organisations to review processes and procedures on an ongoing basis. It is important for organisations to keep in mind that 25 May was just the start.”

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll