UK Universities spending only half a million on GDPR

As the GDPR deadline arrives, new research reveals that UK Universities are spending just over half a million pounds preparing for it

by News Reporter on 25 May 2018 15:44


Universities in the UK are spending just over half a million pounds preparing for the incoming EU General Data Protection Regulation (GDPR), according to new data published today. Researchers at the Parliament Street think tank surveyed UK Universities asking for information on budget and resource allocations to implement the new data protection legislation which is enforceable as of tomorrow (25th May 2018).

The research is published following the disclosure that the University of Greenwich has been fined £120,000 by the Information Commissioner after a security breach in which the personal data of 19,500 students was placed online. Of the Universities that responded to the request for information, a total of £640,885 was disclosed for GDPR preparations.

Cranfield University topped the list, spending £157,781 on staff, training and legal costs. This was followed by Edinburgh Napier University which said it was spending £83,940.40 on a governance and compliance course, information services for staff, a GDPR practitioners training course, an e-learning module and the procurement of a GDPR toolkit.

University College London said it was spending £83,238 on project management, training and third party legal services. Kingston University disclosed spending of £81,500 on staff training consultants. Meanwhile Bournemouth university spent £64,199 on staff and IT training.

At the bottom of the list was Heythrop College, University of London, which spent £1,462 on staff training. Liverpool John Moores university spent £1,618 on external training. Canterbury Christ Church University spent £2,854.80 on staff training.

Jason Tooley, Board Member, TechUK comments: “The incoming GDPR is a regulatory minefield for universities, which are tasked with managing complex data including personal details of students, marketing of courses and processing applications from all over the world. Mishandling of this information will lead to severe financial penalties and in order to prevent this staff need to be trained on how to adhere to the new data rights of students and be fully aware of the rules associated with this legislation.

There are no quick fix solutions for implementing the GDPR. Adapting to it means driving cultural change within the organisation about how information should be stored, managed and used in all circumstances. Failure to take appropriate action will leave higher education institutions at risk of breaching the guidelines and losing trust with students.”

blog comments powered by Disqus