Workload and resourcing
Since the introduction of GDPR in May 2018, it seems people have become more aware of their data protection rights, as is evident from the fact that 70% of data protection officers, who work across central government and public sector agencies reported a significant increase in their workloads. But this increase in workload, has not been met with increased resources.
Whilst workloads have been increasing, 40% of data protection officers reported their team did not hire any extra staff to meet this demand. Whilst some team sizes did expand to meet demand, 50% of respondents reported that their teams only grew “a little”.
The report, published by eCase, suggests that the reason why demand is not being met with sufficient resources, is because there was expected to be a temporary spike in requests relating to GDPR (for example, subject access requests). However the spike in requests has lasted much longer than officials have expected and data protection teams are therefore at risk of becoming overstretched. Obviously, overstretched teams may not produce the best results which may, in turn, result in the non-compliance of GDPR principles.
eCase have advised that in order to address these problems and avoid non-compliance, central government bodies either need to increase their team resources or invest in more advanced tools to help them work more efficiently. Their report also commented on the processes that data protection officers currently use and only 13% of those interviewed report that they use specialist purpose-built tools whilst processing subject access requests. Meanwhile 33% process these requests manually using spreadsheets. 54% of data protection officers are using in-house custom built tools however 1/3 lack the confidence in using these tools.