The Department for Work and Pensions is set to spend £14.73 million to prepare for the EU’s incoming General Data Protection Regulation (GDPR). The spending will cover a programme of education and awareness activity for all staff, system remediation and a review of the existing records storage arrangements.
The findings are contained in a new report from the Parliament Street think tank entitled GDPR: The Impact on Government, which was published yesterday. The policy paper examines the steps being taken by central government departments to ensure compliance with the new legislation, including spending on staff training and software.
The Department for Transport (DfT) has an allocated total budget of £547,000 for the GDPR.
- It has spent £147,000 to date preparing for the regulation. This figure includes some time from internal staff assisting with the preparation for the department.
- Of this figure, £23,000 was spent on staff training and £72,000 on hiring contingent labour. The remaining amount covers costs associated with existing internal staff who have been working on GDPR preparation, where those costs have been recorded.
- The department said that for the rest of the year it estimated a further spend on GDPR of £400,000.
The Ministry of Justice has a total allocated budget of £543,31 for the GDPR.
- It has spent £154,218 to date on GDPR preparations. This included £145,430 on software and £8,788 on GDPR-specific training for staff.
- For the rest of the calendar year, the department plans to spend a further £24,182 on GDPR training and £364,911 on software.
The Treasury has a total allocated budget of £200,783 for the GDPR.
- It has spent £90,483 in the financial year of 2017-2018 and projected £78,800 in 2018-2019.
- It had also allocated £30,000 to learning and development and £15,000 to E-Discovery tools.
Key recommendations in the policy paper include increasing staff training on the fundamentals of the GDPR, sharing best practice between departments and collaborating with external specialist companies for support during implementation of the regulation.
Peter Irikovsky, CEO of Exponea, comments: “It’s clear that the incoming GDPR presents significant financial and operational challenges for government departments, which are tasked with securely processing large volumes of personal data.
A major concern with this legislation is that many organisations are rushing to meet the impending deadline, hiring in external consultants and resources without being entirely certain that the changes made will deliver complete compliance. As such there is a real risk that many departments could be GDPR compliant in theory, but not in practice, due to the complex nature of their software vendors, many of which aren’t taking GDPR seriously.
With this in mind, isn’t it time that all organisations woke up to the need for independent, external certification of GDPR capabilities, that guarantee compliance? By raising standards through certification, departments can be sure they are adhering to these new regulations, protecting the organisation from financial penalties and delivering high standards of data management to the public.”