Posts

Making the Digital Pledge work – ITProPortal

Adrian Barrett, CEO, Exonar

Local Government Minister Rishi Sunak recently launched a ‘digital pledge’ for local authorities and a £7.5 million fund to help them transform their online services. It’s an interesting move and one I hope will unlock innovation as intended.

Local councils are under such pressure to save money that an investment like this could kick start some fresh thinking and new approaches to solving problems that plague budgets. However, signing a declaration to say that your council will apply digital technology to problem solving is one thing, making technology really work hard for you is another.

exo.nr/DigitalPledge

The Impact of Privacy on the Public Sector

Data Requests Under GDPR to Push Cost to Public Sector Past £30 million

  • Annual costs to complete requests for personal data reach £20.6m for NHS and £7.9m for local government
  • £2.1m gap will emerge as organisations can no longer charge a fee to complete requests
  • Some 30million requests are expected across public and private sector this coming year, which will cost UK PLC £4.5bn

Newbury, UK, 4 July 2018: New research released today shows that public sector organisations face increased financial pressure as a result of the recently implemented General Data Protection Regulation (GDPR), to the tune of £30million per year. The NHS is expected to be hit hardest by the influx in data requests, given that before the introduction it cost the NHS £20.6million per year to retrieve customer data.

The impact of GDPR doesn’t stop there. Further new guidelines ruling that in most cases an organisation must also complete requests free of charge are an extra blow to budgets. This marks a key change from previous guidelines under the 1998 Data Protection Act (DPA), which allowed a processing fee to be charged. As such, a £2.1m gap in income per year is expected to emerge.

The detail behind the numbers:

The figures are the result of an extensive Freedom of Information (FOI) Act request made by Exonar, a leading provider of GDPR data mapping and data inventory solutions, to 458 organisations, including NHS Trusts (206), local government (125), central government (61) and emergency services (66) from across the UK.

The FOIs asked for the number of subject access requests (SARs) received by the organisation in 2014, 2015, and 2016* and the cost of processing each SAR.

On average, a SAR cost £145.46 to process, though some bodies admitted it costs much more, sometimes running as high as £1,800 such was the complexity of finding data and the associated administration. Multiplying the average cost to complete a SAR with the number of SARs received by the respondents in 2016 (209,023), results in a total administration cost to the public sector of £30.4 million.

Each organisation could previously have recouped some of the cost and charged a recommended £10 fee to complete a SAR but under GDPR they will no longer be able to, resulting in a £2.1m deficit that is set to grow wider as more requests are made.

NHS will be hit hardest

The study found that on average each NHS Trust already receives 800 requests per year. Multiplying this by the average cost of processing SARs and then by the 241 Trusts in the UK, the total cost to the NHS of managing SARs stands at £20.6million annually. It’s expected this will only go up as more people become aware of their rights.

In general, the public sector will struggle to meet SAR response deadlines

The GDPR has trimmed the amount of time that organisations have to complete SAR requests from 40 days – as per the 1998 DPA – to one month.

Exonar’s research found that many organisations struggled to meet the deadline for providing answers to its FOI requests (requests must be completed within 20 working days), highlighting the difficulty that many will face complying with requests under the new GDPR requirements.

The time to respond to an FOI varied from one day to 159 days. On average it took 24 days, with the NHS averaging 27, emergency services 21, central government 22 and local government 23 days.

Some Trusts can’t put a figure on the cost of processing a SAR

Some NHS Trusts declined to provide a figure such was the complexity of finding all the data related to a person. One such Trust was Calderdale and Huddersfield NHS Foundation Trust, which though couldn’t provide a figure, highlighted that the costs would include 3 WTE band 2 staff (approx. £16,500 pa each), plus costs such as discs costing £1,044/year, envelopes with an annual cost of £40, and postage costs at £1.48 per patient.

The Trust added that this would be a minimum cost and there are other costs that “cannot be quantified”, such as involvement of management, clinicians, physio and health visitors, finance and even X-ray costs.

Adrian Barrett, CEO and founder of Exonar, said that the variance in time taken to respond demonstrates how complex a task SARs are in the public sector: “The good news is the public sector is taking its responsibility to do a thorough job and find all the data pertaining to a person seriously. However, there’s a heavy process burden, especially when multiple bodies are involved, and the NHS in particular needs an alternative to manpower to trace data if it is to avoid penalties of non-compliance.”

Adrian adds that digital initiatives in the public sector have to be accelerated to relieve the burden on the public purse: “Our estimates on the costs of managing SARs is probably conservative but we do expect an immediate bow wave in response to all the GDPR emails we saw in May and June.

“Because the public now knows about the GDPR they are more likely to raise more SARs, and if there is a sudden wave of requests the public sector will be stretched further. It’s clear that the government needs to take advantage of new technology, particularly artificial intelligence, to help the public sector become more efficient with handling, organising and retrieving its data.”

Local government also hit hard to tune of £7.9million

For local government the cost of managing a SAR stands at £596. With each council receiving around 138 SARs annually, the 418 local government bodies across the UK could expect to see total costs of £7.9million/ year. This number is expected to rise given that between 2014 and 2016 the number of SARs jumped from 15,173 to 17,274.

It’s estimated by Exonar that an average SAR will run to thousands of pages as complete medical histories and the like are produced. It’s a reflection of the situation in the private sector, where a bank provided 2 boxes of paper for a single customer who had banked with them for 25 years.**

Barrett says the total number of SARs could cost UK PLC billions: “We expect 30 million requests to be made this year to private businesses of all sizes and the public sector. If we assume the cost to process a SAR is the same in public and private sectors, then the cost to UK PLC stands at £4.5bn. That’s an extraordinary sum to set against admin that has no value to a company.”

A copy of the full report, which details all the findings and compares NHS, Emergency services, local and central government can be requested here.

Notes to editors
*complete data for 2017 was not available
** A limited scope SAR submitted to a high street bank that a customer had been with for over 20 years generated over 800 sheets paper, enough to fill two DHL boxes. An image showing the results is here.
Additional research related to how the public will react to their new-found data rights is here. It highlights that 57% of UK adults would raise a SAR on companies and public sector organisations once GDPR was explained to them.

About the research
458 public sector organisations responded to FOI requests between September and November 2017. The FOI asked for number of SARs received between 2014-2016 and the cost to complete a SAR. 206 NHS Trusts, 125 local government, 61 central government and 66 emergency services from across the UK completed the request.
Numbers have been calculated by averaging the figures provided by the different sectors to provide sector comparisons in particular for the NHS and local government. There are 418 local government bodies, and 241 NHS Trusts.

About Exonar
Exonar solves a problem common to all organisations and their senior information owners, “I just don’t know what I’ve got”. Exonar finds and fixes an organisations’ information, from databases to documents – instantly and at scale. We use machine learning to understand what’s important, where it is and who has access to it.
Exonar identifies documents containing passwords, customer and confidential information enabling successful governance, risk management, document retention, cyber security and compliance with forthcoming regulations such as GDPR – with ease.
We enable organisations to better organise their information, removing risk and making it more productive and secure. Visit us at exonar.com or follow us @Exonar.

 

Can you handle the Sauce Ex Challenge? Infosecurity Europe

5 Questions – 5 Crackers – 5 Litres of HOT SAUCE!

See us on stand R145, Infosecurity Europe 2018 – Olympia, London, 5-7 June 2018

Choose either Ghost GDPepR ‘Sauce Ex’ (1m scovilles) or ‘Regret’ (12m scovilles) and test your GDPR knowledge in the hottest competition at Infosecurity Europe, 2018.

GDPR is ‘the’ hot topic so we thought we’d spice things up and test your knowledge of the new legislation… whilst tasting some of the hottest chilli sauce available to liven it up!

Come and visit Exonar on Stand R145. If you’re clued up enough on the hotspots of GDPR, you’ll get a chance to enjoy our hot new release. No, not a new Exonar platform feature – our very own Sauce EX.

We like our spice down in Newbury – or ‘Silicon Canal’ as we like to call it – and Sauce EX is our homage to the superlatives of the Scoville Scale and the devilry of data management. A fiery, wickedly delicious and limited edition creation made from ultra-lively habanero and ghost chillies, it’s available exclusively and only to Infosecurity Europe visitors. Answer all five questions correctly in the fastest time without reaching for the milk and you’ll win your own 5 litre bottle of Sauce EX that’ll add some serious extra heat to your BBQs this summer.

So, if you think you’ve got the ‘fright’ stuff, pop down to Stand R145 and take your taste buds on an adventure they won’t forget. Remember: you can’t delegate this one to the DPO – they’ve already got some hot stuff on their plate.

Exonar CEO, Adrian Barrett and Business Development Director, Sean Campbell took the challenge without the need for any milk!

For further information, please contact: tellmemore@exonar.com
#sauceex