Skills gap to blame for GDPR compliance woes

A new report suggests that most businesses are happy with their GDPR compliance posture, but the lack of skills in the space is leading to an increase in reported breaches

vulnerable gdpr breach security cyber attack 100747296 orig
Getty Images

More than two-thirds of UK organisations believe they are fully GDPR compliant, but the limitations of legacy systems and lack of the relevant skills in the market are hindering organisations of all sizes, a new report finds.

The research, conducted by Vitreous World on behalf of Manage Engine – the IT management arm of Zoho Corporation – asked 400 IT decision-makers from all sizes of organisation about their approach to IT, with a particular focus on security and GDPR compliance.

The State of IT in the UK Report 2019 found that 70 percent of all respondents believe their organisations are fully GDPR-compliant, but this slips to 54 percent among those working for SMEs.

Read next: GDPR tips: How to comply with the General Data Protection Regulation

The main factors cited in the research for lack of compliance at companies of all sizes were: working with legacy systems (48 percent), lack of awareness (43 percent) and lack of financial investment (42 percent).

Another important factor that didn't make the top three however is the skills required to remain compliant with the regulation.

Speaking at a breakfast event to present the research this morning, Giles Watkins, UK country leader at the International Association of Privacy Professionals (IAPP), said: "I think [organisations] were as prepared as they could be given the resources they had available and that is where you really start to get to the problem. There aren't enough people, still, skilled in this legislation and how to implement it; there is a skills gap."

The IAPP, which Watkins represents, is an organisation for privacy professionals, and of its 4,500 UK members, only 1,600 are qualified in GDPR compliance. "That is a fabulous number and has grown dramatically, but compared to the number of organisations we have in the UK it is a drop in the ocean," Watkins said. "What that tells me is there still isn't enough skills and knowledge in the UK businesses to fully implement, so I am not surprised by the stats."

Watkins points to the latest announcement from the Information Commissioners Office (ICO), which stated that there were 14,000 personal data breach reports in the past year – compared to 3,300 the year before.

"So there are more breaches or more people understanding they have been breached and reporting it, and I think it is the latter," he said. "That tells me the skills aren't there."

Read next: The biggest ICO fines for data protection breaches and GDPR contraventions

Copyright © 2019 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon