Data Requests Under GDPR to Push Cost to Public Sector Past £30 million
New Exonar research released July 4th 2018, shows that public sector organisations face increased financial pressure as a result of the recently implemented General Data Protection Regulation (GDPR), to the tune of £30million per year. The NHS is expected to be hit hardest by the influx in data requests, given that before the introduction it cost the NHS £20.6million per year to retrieve customer data.
Annual costs to complete requests for personal data reach £20.6m for NHS and £7.9m for local government
£2.1m gap will emerge as organisations can no longer charge a fee to complete requests
Some 30million requests are expected across public and private sector this coming year, which will cost UK PLC £4.5bn
SARs and their impact
Average cost to complete a SAR = £145.46
Exonar’s FOI requests asked a total of 458 organisations from the NHS, central government, local government and the emergency services about the number of SARs received during 2014, 2015 and 2016, as well as the costs involved in dealing with them.
The average cost to a public sector organisation to complete a SAR was £145.46. If we multiply the average cost to complete a SAR with the number of SARs received by the public sector research respondents in 2016 (209,023) the total cost to them was £30.4 million.
If we applied the average cost per SAR to the over 30 million expected requests that will be made to UK organisations post-GDPR according to our research in 2017, then the total additional cost to UK businesses will be in the region of £4.5 billion.
Local government under pressure
Local government also hit hard to tune of £7.9million
Although a distant second to the NHS, local government organisations need to be wary of any increases in SAR requests.
Their cost of managing a SAR stands as high as £596 but was on average £136.95. With each council receiving around 138 SARs annually, the 418 local government bodies across the UK could expect to see total costs of £7.9million/ year. This number is expected to rise given that between 2014 and 2016 the number of SARs jumped from 15,173 to 17,274.
Under the terms of the GDPR, organisations now have 25% less time to complete a SAR request
The GDPR has trimmed the amount of time that organisations have to complete SAR requests from 40 days – as per the 1998 DPA – to one month.
Exonar’s research found that many organisations struggled to meet the deadline for providing answers to its FOI requests (requests must be completed within 20 working days), demonstrating the difficulty that many face in complying with requests under the new GDPR requirements.
The time to respond to an FOI varied wildly from one day to 159 days. On average it took 24 days, with the NHS averaging 27, emergency services 21, central government 22 and local government 23 days.
The environmental impact
A staggering amount of paper is used to complete a SAR
Exonar estimates that if a SAR request used only one ream of paper, it would use 6% of a tree per request and produce approx. 4.3kg of Co2 emissions from the production of paper, print and delivery. Exonar’s SAR preparedness research established that 57% of UK adults (approximately 50m) would make a SAR resulting in 122,550 metric tons of Co2 emissions.
Organisations can provide the personal data they hold on individuals in digital form, and 92% of the British Public told Exonar in 2017 that is how they would prefer to receive it.
122,550 metric tons Co2 =
pounds of coal burned
homes’ power for a year
Get the Report
Read the full results of our research
Our research shows that the recently implemented General Data Protection Regulation (GDPR) will cripple the NHS to the tune of more than £20.6million annually as it struggles to efficiently deal with completing requests for personal data.
Fill in the form to get access to all the insights.
We are committed to respecting your privacy and protecting your personal information. We try hard to make our communications with you interesting and relevant and always with a view to providing insight into our industry challenges and their solutions. Maybe opt for giving us a try and tick the box – you can opt out at any time. We promise not to spam you!