The latest Data Protection Index highlights organisations’ biggest GDPR compliance challenges over the next twelve months.
With the introduction of the second draft of the Data Protection and Digital Information Bill, along with fresh data breach guidance coming out of Europe, businesses find themselves under increasing pressure to step up their commitment to meeting data regulatory requirements both at home and abroad.
In the latest Data Protection Index data protection experts in the UK rated what they believe will be their organisations’ biggest GDPR compliance challenges over the next twelve-month period:
The most significant change in respondents’ attitudes this quarter relates to AI and machine learning. 14 per cent of respondents identified this as their organisation’s biggest GDPR compliance challenge (up seven per cent from the last quarter).
The second biggest GDPR compliance challenge identified by respondents through the survey was “international data transfers”, with 15 per cent of respondents identifying this as their organisations’ top GDPR compliance challenge.
Eight per cent of respondents chose “handling individuals’ rights requests” as their organisations’ biggest GDPR compliance, the highest recorded score since the survey began back in Q3 2020.
This quarter’s panel results were collected prior to the announcement of the UK Data Protection and Digital Information Bill, giving unique insight into the sector’s views prior to its release and dissection.
It is a concern to see our panel members now expect to see their organisation’s budget for data protection stagnate during 2023. Particularly when the introduction of the new Bill requires the continued maintenance of the current, and in some areas, higher, compliance standards. Additionally, businesses processing personal data on both EU and UK residents will soon need to navigate two separate privacy regimes, and therefore likely subject to increased compliance costs.
The results reveal that data retention, international data transfers, and AI and machine learning are the key compliance challenges. It therefore appears clear that 2023 is going to be just as interesting and challenging for the industry to traverse, as the previous almost 5 years have been since the GDPR came into force.
In addition, the results of the DP Index reveal what data protection experts see as their organisations’ biggest data protection compliance issues:
Privacy experts were least confident in their organisations’ compliance with data retention requirements, with just 23 per cent of them scoring eight or above in this area.
Over the last four quarters, confidence in their organisations’ compliance with data retention requirements has declined.
This quarter, respondents were most confident in their organisations’ compliance with the policies and procedures, with 77 per cent of respondents scoring their organisation eight or above in each category.
The confidence in vendor compliance with due diligence has fallen significantly since the last quarter (down five per cent from the last quarter and ten per cent from its Q1 2021 high).
“Data protection officers are on the frontlines of data evolution,” said Nick James, founder, Data Protection World Forum. “It’s never been more important to take in their views to help us understand business priorities, how regulatory changes affect corporate needs, and how data subjects’ expectations are shifting.”