GDPR: UK government departments spending millions on data protection

Research into public sector spending on the incoming General Data Protection Regulation (GDPR) has revealed that government departments are spending over £16million to tackle the new legislation. The Department for Work and Pensions has set aside nearly £15million alone to train staff on how to adhere to the new data protection rules.

by News Reporter on 26 April 2018 09:00


UK government departments have been landed with a multi-million pound bill to tackle the incoming General Data Protection Regulation (GDPR) according to new research from the Parliament Street think tank.

The policy paper examines the steps being taken by central government departments to ensure compliance with the new legislation, including spending on staff training and software.

Researchers discovered that The Department for Work and Pensions is set to spend £14.73million to prepare for the GDPR. The spending will cover a programme of education and awareness activity for all staff, system remediation and a review of the existing records storage arrangements.

The Ministry of Justice has spent £543,31 for the GDPR, including £145,430 on software and £8,788 on GDPR-specific training for staff. The Treasury has a total allocated budget of £200,783 for the GDPR. This included It had also allocated £30,000 on learning and development and £15,000 on E-Discovery tools.

The report found that The Department for Transport (DfT) has an allocated total budget of £547,000 for the GDPR. It has spent £147,000 to date preparing for the regulation.

This figure includes some time from internal staff assisting with the preparation for the department. Of this figure, £23,000 was spent on staff training and £72,000 on hiring contingent labour. The remaining amount is costs associated with existing, internal, staff who have been working on GDPR preparation, where those costs have been recorded. The department said that for the rest of the year it estimated a further spend on GDPR of £400,000.

Commenting on the news, Peter Irikovsky, CEO, Exponea, the world’s first GDPR-certified software as a service (SaaS) company said, “It’s clear that the incoming GDPR presents significant financial and operational challenges for government departments, which are tasked with securely processing large volumes of personal data."

Irikovsky continued, “A major concern with this legislation is that many organisations are rushing to meet the impending deadline, hiring in external consultants and resources without being entirely certain that the changes made will deliver complete compliance.

As such there is a real risk that many departments could be GDPR compliant in theory, but not in practice, due to the complex nature of their software vendors, many of which aren’t taking GDPR seriously.

With this in mind, isn’t it time that all organisations woke up to the need for independent, external certification of GDPR capabilities, that guarantee compliance? By raising standards through certification, departments can be sure they are adhering to these new regulations, protecting the organisation from financial penalties and delivering high standards of data management to the public.”

blog comments powered by Disqus