What we found (part one) – the people challenges

07 February 2019

Our financial services survey on General Data Protection Regulation (GDPR) compliance found that financial services firms aren’t fully confident in their Data Protection Officer or resource.

Level and skills of GDPR resource

Our research showed that over 60 per cent of financial services firms lack confidence in having the right levels of resource in place to manage ongoing obligations. Additionally, only half of firms were fully confident in the skills of their resource. 

One way to bridge the gap could be to simply hire more staff, but the market for staff in this area is already competitive and, with the increased profile and responsibility of these roles, salary expectations are increasing further. Furthermore, we are starting to see a scarcity of talent in the market and, as firms start to increase headcount to bridge gaps, a war for talent could break out.

Skills and expertise of the Data Protection Officer

We also found that while fewer than 5 percent of firms were unconfident in their Data Protection Officer (DPO) hire, only 57 percent were fully confident that their DPO has the right skills and expertise.

This uncertainty may be partially because the nature of the DPO role can vary significantly depending on the type of financial services institution and its primary functions. There is a need for scalable resource to manage both the proactive and reactive demands of the DPO role.

We have seen that those hiring don’t always have the practical experience to understand the level of support their organisation requires, or to perform a meaningful cost-benefit analysis. This can result in firms not hiring the right people for the role or underestimating the level of resource required.

Benefits of upskilling

Upskilling the DPO and other GDPR resources is an effective and cost-efficient way for financial services firms to address these people challenges.

Upskilling any personnel in data processing roles (whether or not they realise it) is essential to managing an organisation’s day-to-day compliance responsibilities without overburdening the DPO. This frees time for the DPO to focus instead on the core parts of the role: proactively informing, advising, monitoring, and interfacing with the business on data privacy issues and incidents.

How RSM can help

One way we help organisations respond to the people challenges of GDPR is through upskilling their DPO, their teams, and key stakeholders in the wider organisation. 

At RSM, we take a risk-based approach and tailor fractional, scalable DPO advisory services to support your existing infrastructure, people and processes in a cost-effective way.

If you would like to find out more about how we can support you in managing ongoing GDPR compliance, please contact our data protection specialists Sarah Reynolds or Steven Snaith.
