Data protection officers working in central Government departments and public bodies claim they are being bombarded by consumers demanding to know what data is held on them, with the number of so-called data subject access requests (DSARs) doubling in the two years since GDPR came into force.
However, most insist they do not have adequate resources when it comes to dealing with the workload, according to a new study conducted by eCase, which works extensively with Westminster, including at the Department for Work & Pensions, Defra, HMRC, the Ministry of Defence and the Treasury.
Its survey of central government DPOs found that 70% had seen a significant increase in their workload since GDPR became law, while 40% had received no extra team resources to manage this and 33% were still managing requests manually or with support from basic spreadsheet software.
However, more than four-fifths (83%) did at least admit they had seen an increase in “support and recognition” from their superiors.
The Government is now being urged to increase the size of departmental data protection teams, provide more concrete support to these teams to help them ingrain best data protection practice into their work, and offer more extensive and continuous data protection training and education.
eCase director Richard Clarke said: “Given the current pandemic situation, where we know that many teams have been depleted and the focus on the role of data in managing this crisis has sharpened, the risk of data protection teams being overwhelmed is greater than ever.”
Jon Baines, chair of the National Association of Data Protection and Freedom of Information Officers (NADPO) and a data protection advisor at law firm Mishcon de Reya, added: “[These] findings should help inform not just decisions made in government and the public sector, but also across the wider spectrum of private organisations.”
Firms braced for stampede of Covid-19 data requests
ICO pledges ‘light touch’ over coronavirus privacy fears
Brexit Party pummelled over backlog of data requests
Firms accused of handing out personal data willy-nilly
Met farce fuels data access request warning to brands
‘I don’t believe it’…young make most GDPR complaints