The UK Department for Work and Pensions (DWP) is to spend nearly £15m on GDPR compliance, in line with estimates for FTSE 100 firms and indicative of the size of the compliance burden placed on many large organizations.
The figures for the DWP came from a new report from think tank Parliament Street, which issued Freedom of Information requests to all government departments on their GDPR compliance spending.
Only a handful replied, but the findings revealed a huge disparity between the DWP spending of £14.7m and the figures given by The Treasury (£201,000), the Department for Transport (£547,000) and the Ministry of Justice (£547,000).
Included in the DWP’s spending plans were a program of education and awareness raising for all staff, system remediation and a review of the existing records storage arrangements.
It’s unclear whether the DWP is spending more on average than other government departments, and whether its figures are so high as a result of poor planning.
However, the think tank recommended the creation of a central government online hub to share GDPR compliance resources, strategies and best practices, and to help departments negotiate discounts on legal advice, software licenses and more.
The report also recommended government departments put more work out to tender to specialist organizations, claiming: “too much of this work is managed ‘in-house’ and external organizations should be given the opportunity to contribute to the process.”
In fact, the £15m figure touted by the DWP is pretty much in line with the estimated average spend of FTSE 100 companies, according to separate research from management consultancy Sia Partners.
“The minimum and average implementation cost per employee is consistent across firm size, with implementation costing £300-£450 on average per employee across all sectors,” the firm claimed.
Aside from banks, which have the highest spend, there are two distinct groups: £15m-£19m for energy, commodities & utilities, retail goods and technology & telecommunications firms; and all other sectors spending around the £5m-£11m mark.
A new report from KPMG this week revealed that over half (54%) of global organizations don’t feel ready for the GDPR, which lands in a month’s time.