Organisations’ understanding of data “not greatly improved by GDPR” warns ICSA

The introduction of the General Data Protection Regulation (GDPR) has not yet led to a substantial improvement in organisations’ understanding of their data. That’s according to the results of a poll conducted by ICSA: The Governance Institute in conjunction with recruitment specialist The Core Partnership.

The poll reveals that the majority of organisations surveyed (42% of them, in fact) feel that their understanding of data has stayed the same since the EU’s GDPR was introduced. Some 39% of respondents believe that their understanding has improved significantly, however, while a further 17% think that it has improved only slightly.

Some of the positives cited as having resulted from the implementation of the GDPR are as follows:

* Much more awareness of data issues than was previously the case
* It has forced organisations to review and update procedures right across the board and duly identified many gaps
* It has resulted in significant culls of databases
* The law change has given legal colleagues a seat at the table to ensure compliance is taken seriously, not only when dealing with customers, but right upstream as new processes/systems are being designed
* Greater understanding of the security of personal data in colleagues’ personal lives

Negative comments from respondents

Some of the more negative comments include the following:

* GDPR is a hassle and hasn’t advanced business. It has only increased overheads
* Huge burden on resources
* GDPR has created much extra work for little extra benefit
* Data Subject Access Requests are taking a disproportionate amount of time and money to resolve
* Significant compliance burden with no clear additional benefit to data subjects. The previous legislation seemed more than adequate

Peter Swabey

Peter Swabey, policy and research director at ICSA, told Risk Xtra: “Some organisations feel that the GDPR has added cost and complexity and that a sledgehammer has been used to crack a nut in terms of what the GDPR has actually achieved. Others feel that it has helped them to clarify and make more efficient the systems and processes that use personal data.”

Swabey continued: “While the GDPR has undoubtedly increased the compliance burden and costs, there are also benefits in that the profile of properly holding and protecting data has also significantly increased. The GDPR has concentrated people’s minds on personal data, but it’s a continuing obligation whose burden is yet to be fully felt.”

In conclusion, Swabey observed: “It should also be remembered that obligations under the UK’s Privacy and Electronic Communications Regulations (PECR) are of equal importance. Organisations do need to understand the interaction between the GDPR, the PECR and the Data Protection Act 2018.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.