New research exposes GDPR compliance issues amongst government departments

The results of a new comprehensive study, published today, by eCase - The Impact of GDPR in Central Government – find that half of central government’s Data Protection Officers (DPOs) have seen more than 100% increases in Data Protection Requests (DPRs) since the introduction of GDPR and that, even now, two years after it became law, 7% are still concerned about their own compliance with it.

eCase's report found that 70% of DPOs have seen significant increases in their workloads, while 40% have not been given any extra team resources to deal with the workload increases. However, 83% have experienced an increase in senior level support & recognition. 

One third of DPOs are still managing their requests manually, supported by spreadsheets rather than specialist software commonplace elsewhere. At the same time, one third of those using in-house custom-built tools to manage their DPRs are ‘Unconfident’ that they can fulfil them within the ICO’s time limits. 100% of those using purpose-built commercial tools are ‘Mostly’ or ‘Completely’ confident that they can fulfil DPRs within the ICO’s time limits

The most common task that DPO’s would benefit from improving, when fulfilling DPRs, is gathering information in time (74%), whilst the second was redacting the information once sourced (57%). Shockingly, 7% are still concerned about their own compliance with GDPR

Richard Clarke, a Director at eCase, said, “I believe that the insights and recommendations in this report will provide central government, and the wider public sector, with a clear roadmap for improvement. Given the current pandemic situation, where we know that many teams have been depleted and the focus on the role of data in managing this crisis has sharpened, the risk of Data Protection teams being overwhelmed is greater than ever. I urge all DPOs in Government to read this report and act upon its recommendations, before this happens.”

Commenting on the report, Jon Baines, Data Protection Advisor at Mishcon de Reya LLP and Chair of the National Association of Data Protection and Freedom of Information Officers (NADPO), said “I welcome this report as its findings should help inform not just decisions made in government and the public sector, but also across the wider spectrum of private organisations.”