Data protection laws like the UK General Data Protection Regulation (GDPR) significantly impact organisations. To understand how businesses and public bodies deal with these regulations, the Information Commissioner’s Office (ICO) conducted a study that included surveys and interviews.
The findings give a detailed look at how different organisations manage their data, the challenges they face, and the benefits they gain from complying with the law.
Why did the ICO conduct the study?
The ICO wanted to get a clearer picture of how data protection laws affect organisations in the real world. Rather than just looking at statistics, the study focused on the experiences of data controllers—those responsible for managing data within organisations. The aim was to understand how they view the law, what costs they incur, and the benefits they see from compliance. This approach reveals the complexities and practicalities of staying compliant.
What did the ICO study find?
1. Different Ways Organisations Handle Data
The study discovered that how organisations process data varies a lot, depending on their size, sector, and available resources. For example, smaller businesses often handle data in-house, while larger companies might use third-party providers like accounting software. A small charity said it mainly uses data to support its services, while a plant nursery relies on data protection to ensure customer trust for its online sales.
Tip: Look at your organisation’s specific data needs and choose solutions that fit your operations. For smaller businesses, using secure software might be easier and more effective than managing everything manually.
2. Is Data Protection a Help or a Hindrance?
The study showed mixed feelings about data protection laws. Around 32% of data controllers found the laws helpful and said they improved their operations. Many organisations, however, reported unexpected benefits such as increased customer trust and more efficient processes. For instance, a theatre saved on printing costs by only sending marketing materials to customers who had consented, which is in line with GDPR rules.
On the other hand, a prison pointed out the difficulties of sharing information due to strict data access rules, which made it harder to support prisoner rehabilitation. This highlights that while data protection laws can offer many benefits, they can also present challenges, especially for public organisations with specific needs.
Tip: Focus on the long-term benefits of compliance, like gaining customer trust and having clearer operational guidelines. Find ways to turn compliance into an opportunity for positive change.
3. The Cost of Compliance
Following data protection laws can come with costs, such as investing in new software, staff training, and updating policies. The study found that 35% of organisations faced these costs in the past year. However, most considered these expenses manageable and normal for running a business. For example, a law firm acknowledged the ongoing cost of compliance but felt that more transparent data practices and reduced legal risks made it worth the investment.
Some organisations saw compliance as an ongoing challenge that requires continuous spending, but most accepted that these costs are necessary to maintain good data practices.
Tip: Treat compliance costs as an investment in your organisation’s future. Regular training and updated software not only keep you compliant but also strengthen your data security and reputation.
4. Getting the Right Advice
While many organisations look to the ICO for guidance, the feedback is mixed. Some found the advice helpful, while others felt it was too technical and sought more straightforward solutions elsewhere. Many turned to trade bodies, software providers, or external experts for more practical, tailored advice. For example, an agricultural engineering firm relied on its software provider for updates, underscoring the importance of clear and accessible guidance.
Tip: Instead of navigating compliance alone, consider outsourcing to professionals, such as a dedicated Data Protection Officer (DPO) or external consultants. These experts can offer sector-specific insights and ongoing support, ensuring you stay compliant without the guesswork.
TenIntelligence Thoughts
What Should Organisations Keep in Mind?
Tailor your data protection practices to fit your organisation’s specific needs. There is no one-size-fits-all solution. Understanding your data processing requirements and staying flexible can help you navigate compliance challenges while making the most of the opportunities it brings.
Written by
Lynsey Hanson