What is the GDPR really costing in administration time?

25th May 2019 will mark the 1 year anniversary of the implementation of the GDPR in the UK, yet it would seem that large and small businesses alike are still non compliant, through misinformation or negligence. In the last couple of months the headlines have been littered with instances of data non-compliance, perhaps most memorably the serious failings from Google, which saw them landed with a €50 million (£44 million) fine by French regulator CNIL.

Unfortunately, Google will not be the only company who are failing to tighten up on their GDPR compliance. A survey recently conducted by Talend discovered 74% of UK businesses were still failing to respond to Subject Access Requests. With all of the information and tools available to assist with GDPR compliance, why is this the case?

Before the implementation of the GDPR, research was done based on the views of more than 1000 senior executives from companies in the UK, France, Germany, Spain & Italy (Finding the Missing Link in GDPR Compliance). They determined that on a average, a company will receive 89 GDPR enquiries per month, which will require searching 23 different databases for answers (each taking about 5 minutes). This means that the total time spent each month looking for data will be 172 hours (or one full time employee). For larger companies, these figures are even higher, meaning a total of 1259 hours every month (or 7.5 full time employees).

Not to mention that times above are only indicative of those required for SAR's. There is then internal compliance, data management, policies and staff training to deal with.

Reducing Administration Time

These statistics explain very much why companies are dragging their heals with GDPR. Either the task is too daunting, or there is simply not enough staff time to spare to manage such a task. Researchers also found that much of the time required to handle GDPR tasks, is to allow for manual, error-prone processes. 

This indicates that if the process could be switched from manual to automated, then the administrative burden could indeed be eased, and vast amounts of time saved.

The alternative is a data management service. Keeping track of data is essential, and knowing where it is at any given time, will in turn, speed up Subject Access Requests. Most importantly, GDPR compliance becomes part of everyday business activities, without the need for expensive consultants, or full-time employees dedicated solely to GDPR.

Businesses need to reduce the strain on already-overstretched resources, or potentially no resources, when it comes to data protection. Managing data compliance in house does not need to be complicated or daunting, and an automated process will guide you through, step-by-step.

Click here to find out more, and register for a free trial of IComply.