UK Data Protection Index: first findings published

Data protection professionals are calling for more investment in increasing internal resources, software systems and staff training – but only a quarter expect their budget to increase in the next 12 months, according to the findings of the first UK Data Protection Index.

The index, launched by the Data Protection World Forum and the DPO Centre at the end of July, is based on an anonymised survey of a panel of UK data protection and privacy professionals and will be repeated every three months. 

When asked about pressures on budgets almost half (45%) expected their budget to remain the same in the next 12 months. Just more than quarter (28%) expected their budget to increase while 12% expected their budget to fall. Fifteen per cent did not know. 

Respondents were asked, if their budget was increased by 20%, what would be the biggest investment priority. There were three clear winners: additional internal resources (38%), software and platforms (21%) and staff training (15%), None of the other options were chosen by more than 10% of respondents. 

Just over a third of respondents (35%) rate their organisation’s compliance with GDPR at eight out of ten or above. In fact the average for all respondents is only a rating of 6.9. One in six (16%) panellists score their organisational compliance at 5 out of 10 or less. 

The rating panellists gave for the precedence that data protection was given within the organisation was slightly lower with 25% giving a score of 8 or higher and an average of 6.4. Unsurprisingly, panellists who gave their organisation a low score for compliance also tended to give it a low score for the level of precedence.

The survey asked panellists to what extent the coronavirus pandemic had increased their organisation’s focus on data protection. The average score was 6.0 but the results were varied with almost a quarter (24%) scoring 8 or above, 37% scoring 5 or less (37%) and 39% scoring 6 or 7.

The view on the impact of Brexit was more clear with 58% panellists scoring it at 7 out of ten or more. A quarter scored it 5 out of ten or lower. 

When asked to rate the performance of the ICO there was an average score of 6.4 but a lot of variance. Forty per cent rated the regulator at 8 out of ten or above but 30% rated it at five out of ten or lower.

The number of DSARs that organisations had received in the last 30 days also varied markedly. Almost two thirds (65%) had received less than five, while 14% had received more than 20. Four per cent had received 50 or more. Financial and insurance organisations were much more likely to have a high number – of the organisations who had received 20 or more, three quarters were from the finance and insurance sector. 

When given a range of options to rate as their biggest challenge in GDPR compliance over the next 12 months, the three most popular choices were:

  • Accountability/demonstrating compliance 22%
  • Data retention 18%
  • Brexit 15%

There was genuinely a positive feeling about the data protection laws which affect the UK versus other regulatory regimes – about three quarters of panellists (72%) rated the UK at 7 or above. Only 21% rated the UK at 5 or below. 

Similarly, about three quarters of respondents rated their confidence in advising their organisation on global regulatory regimes at 7 out of ten or more. 

The survey asked panellists about the impact of the CJEU ruling to abolish the EU-US Privacy Shield: 45% rated the impact as seven out of ten or higher while almost a third (31%) rated it as 4 or lower.

The UK Data Protection Index (organised by the Data Protection World Forum and the DPO Centre) will run every quarter and over time will build a unique picture of the profession and its views.

If you would like to join the panel, click here. The full report of the first UK Data Protection Index survey will be available in the next week – you can register for PrivSec’s weekly briefing email to see it first. 


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.