78% of organisations have found GDPR to be a huge drain on resources

A poll published by ICSA: The Governance Institute and recruitment specialist The Core Partnership reveals that almost four-fifths (78%) of organisations surveyed have found becoming compliant with the EU’s General Data Protection Regulation (GDPR) to be a heavy burden on their resources; 9% of those surveyed were unsure and 13% felt that it had not been a heavy burden.

  • 5 years ago Posted in

Many organisations had to hire additional staff or employ external consultants due to internal resource issues. Even when work was outsourced, sometimes at considerable expense, it was not necessarily problem free with one respondent stating that ‘We engaged external solicitors but they themselves saw in increased workload, which reduced their response time for us’. This was reinforced by another respondent who revealed that ‘Our issue was mainly one of resource. We started the exercise last summer but the data mapping took months. By the time we were ready to analyse it with our lawyers, they themselves were inundated and took some time to produce our GDPR readiness report.’

 

One critic bemoaned the fact that ‘Tech resources have been diverted from business improvements to compliance at a time when a UK company should be focussing on using technology to improve productivity and drive the business forward. Several respondents struck a more positive note, stating that ‘It has taken a considerable amount of time, but has provided us with a good opportunity to review contracts and arrangements with external suppliers and ‘It will improve our approach to data handling and ensure that our housekeeping is much better. It is definitely a good thing, but, for an SME with limited resources, implementation has been quite painful.’

 

Resource issues and outstanding issues with third party contractors contributed to the delay in hitting full compliance. Just 50% of organisations were fully compliant with GDPR when the new EU data protection regulation came into force on 25 May. Some 27% admitted to not being fully compliant in time, with the remaining 23% unsure.

 

According to Peter Swabey, Policy and Research Director at ICSA: The Governance Institute:

 

“Achieving full compliance has been extremely time-consuming for many organisations and there is some concern that ongoing compliance will continue to be burdensome. Many of the areas that were named as being problematic coordination between jurisdictions; group-wide solutions; third-party engagement; and staff training will continue to be of importance and will require organisations to review processes and procedures on an ongoing basis. It is important for organisations to keep in mind that 25 May was just the start.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...