Member Article

UK Businesses Braced For Post-Pandemic DSAR Storm

An independent survey has lifted the lid on how much British businesses spend processing Data Subject Access Requests (DSARs) every year under GDPR regulation.

The research, commissioned by British data privacy experts Guardum and conducted by Sapio Research among 100 DPOs from companies with 250 or more employees between 29th April and 5th May 2020, reveals that UK businesses are spending £1.59 million annually on DSARs.

The results also highlight the challenges DPOs are facing during lockdown with seventy-five percent polled struggling to meet data compliance obligations while working remotely and 30% fear they will be overwhelmed by a post-pandemic DSAR storm fuelled by requests from furloughed or sacked employees.

Commenting on the findings, Rob Westmacott, co-founder of Guardum: “This research graphically illustrates the huge burden that data privacy professionals are shouldering to maintain data compliance. The Covid-19 pandemic has tipped an already dire situation into a potential melting pot of requests, with fears that the return to work and the ensuing post-mortem by furloughed and sacked workers will overwhelm data compliance teams.”

According to the findings, the sheers volume of DSARs are a growing problem with DPOs receiving 27 DSARs per month, each costing £4,884.53 per DSAR and taking 66 working hours to process, consuming around 30% of their working day.

“By far the biggest challenge facing DPOs is managing the sheer volume of personal data that needs to be reviewed before a response can go out,” said Hayley Youngs, UK & Ireland Group DPO for a global organisation. “It’s not unusual for a single request about an individual to generate multiple responses from different departments - each one containing attachments of various kinds that must be sorted and redacted before the DSAR process can be completed.”

This was posted in Bdaily's Members' News section by TH .