The first UK Data Protection Index (DP Index) report of 2023 was recently published. Since 2020, the DP Index has surveyed a panel of over 550 Data Protection Officers (DPO) from across the UK every quarter, asking a set of consistent baseline questions.
With one of these questions being:
“Is your organisation’s overall budget for data protection expected to increase or decrease over the next 12 months?”
This is a question we have asked of our panel since 2021. From the results, it can be intimated that, reassuringly, many organisations are still prioritising investment in data protection, even amid the current period of economic pressure.
The overall picture showed 57% of respondents predicting their budget will remain the same, being 8% up from last quarter. With 30% still expecting an increase and only 13% expecting a decrease.
Topical and top of mind was a further question asking;
“How compliant do you feel your organisation is with UK data protection laws?”
The results, up until now, have been consistent with previous years, indicating that respondents were significantly more confident in their organisation’s compliance, overall and across specific areas raised in the report.
For the first time since the DP Index started recording data, organisational compliance scored a mean score of 7.54 based on the 1 and 10 scale, where 1 indicates ‘Not compliant and 10 ‘Entirely complaint’. In addition, this quarter saw those respondents scoring their organisation 8 or above out of 10, rise by 7%, to 58% compared to the previous quarter.
Could this be an indication that organisations are accepting data protection as a critical business function, that forms part of normal business processes?
The areas that respondents felt needed most attention with respect to improving compliance included, data retentionData retention refers to the period for which records are kept and when they should be destroyed. Under the General Data Protection Regulation (GDPR), data retention is a key element of the storage limitation principle, which states that personal data must not be kept for longer than necessary for the purposes for which the personal data are processed., security of personal dataInformation which relates to an identified or identifiable natural person. and vendor due diligence, all confidence scores were down this quarter.
In the end of year-round up of all 2022 DP Index results, we discussed how there was concern with the data protection landscape in the UK, following a rocky year in politics, this concern appears to be accompanying us into 2023. There is still uncertainty around what data protection legislation in the UK will look like. The results shown in this DP Index report were collected prior to the UK government announcing the reintroduction of the Data Protection and Digital Information (No.2) Bill earlier in March. The uncertainty around the Bill and the current economic climate is making organisations question what data privacy and protection will look like going forward, and how they should invest time and budget to ensure compliance. However, whilst change is coming, at present it does not look like there is a reduction in emphasis on the need to comply with data protection laws.
Summary
It often takes time for organisations to recognise that their valuable investment into data protection is adding significant future value through reduced risk, improved engagement and increased customer loyalty. However, the current climate means that organisations must spend wisely and reduce costs where possible. One option to support a reduction in overhead is to consider engaging an outsourced DPO. Outsourcing is a highly cost-effective way of supporting your organisation’s compliance requirements and ensures that you continue to meet your data protection obligations, but without the cost of a full-time role. Outsourcing not only provides access to a highly experienced and knowledgeable DPO, but in the case of The DPO Centre, one that is supported by one the largest teams of experts available.
If you would like to discuss how The DPO Centre can help, please complete the form below. Alternatively, if you are a privacy professional based in the UK and would like to add your voice to future surveys, click here.
Fill in your details below and we’ll get back to you as soon as possible