Public sector 'risking GDPR violations' by overworking DPOs

Surging workloads for government data protection teams haven’t been matched with greater staffing

Public sector data protection officers (DPO) have been put under much greater strain since the rollout of GDPR, with swelling workloads not being matched with additional resources.

The lack of extra staffing for data protection teams, including central government and public sector agencies, is stretching workers too thinly and may result in GPDR violations if left unaddressed, research by eCase claims.

Although 70% of data protection officers (DPO) working across central government and public sector agencies reported a significant increase in their workloads, 40% reported their team sizes staying roughly the same.

With 93% of data protection staff also reporting a rise in the volume of internal requests, half of respondents reported their teams only growing by "a little".

"The non-alignment between government organisations’ resource and workload growth may be due to the expectation that the introduction of GDPR would only lead to a temporary spike in SARs, internal requests and other activities related to their new statutory duties," the report said.

"Central government bodies are therefore advised to address this divergence by either increasing their team resources or investing in fit for purpose tools to help them operate more efficiently," the report added. "Otherwise, their data protection teams risk becoming overstretched, which may result in non-compliance."

The report examined how the public sector has adapted to the rollout of GDPR in May 2018, with eCase inviting 213 DPOs across 231 central government departments, agencies and public bodies to complete a survey. The firm then conducted follow-up interviews with four respondents to gain more context.

Beyond handling a much greater workload without additional resources, DPOs suggested that gathering information in a timely manner, and finding that information in the first place, were also major challenges in fulfilling requests.

The report also examined how data protection staff managed data protection requests and subject access requests (SARs), and how confident they were in using each method. Just 13% of DPOs use specialist purpose-built commercial tools, while 33% process such requests manually using spreadsheets. 

Related Resource

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

While 54% of DPOs used in-house custom-build platforms to handle requests, this method inspired the least amount of confidence, with a third of DPOs lacking confidence in such tools. By contrast, no-one surveyed who uses either spreadsheets or purpose-built commercial tools expressed being wholly "unconfident" in such methods.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021