Data protection officers (DPOs) working in central government departments, agencies and public bodies are under increasing pressure, according to a newly published report.
Half of DPOs report the number of Data Protection Requests (DPRs) has doubled since the introduction of GDPR two years ago, says the study, The Impact of GDPR in Central Government, published by cloud case management service eCase.
The research notes that 70 percent of DPOs have seen significant increases in their workloads. Moreover, 40 percent have not been given any extra team resources to deal with the additional work.
A third are still managing their DPRs manually, supported by spreadsheets, while another third using in-house custom-built tools to manage their DPRs are ‘Unconfident’ that they can fulfil them within the ICO’s time limits.
Indeed, seven percent of DPOs are still concerned about their own compliance with GDPR, two years on.
“This lack of efficient tooling may not only be affecting their ability to confidently manage their current workloads, but also their ability to fulfil future requests, which will become even more pronounced as their workloads continue to increase,” said eCase director, Richard Clarke.
The most common task that DPOs would benefit from improving, when fulfilling DPRs, is gathering information in time (74 percent), and redacting the information once sourced (57 percent).
Recommendations
eCase study has issued several recommendations, including increasing data protection team sizes line with workload growth. It also says organisations should continue to provide both senior and peer level support to DPOs and their teams.
The firm says data protection training and education should be conducted with stakeholders to help reduce both the volumes of internal advice requests and the risk of non-compliance. In addition, specialist purpose-built commercial tools should be provided to help data protection teams keep up with their heavier workloads.
Jon Baines, data protection advisor at Mishcon de Reya LLP and chair of the National Association of Data Protection and Freedom of Information Officers (NADPO), said the findings “should help inform not just decisions made in government and the public sector, but also across the wider spectrum of private organisations.”
