£500,000 allocated to GDPR by the Department for Transport

The Department for Transport (DfT) has allocated a budget of £547,000 for the General Data Protection Regulation (GDPR), according to a new report from think tank Parliament Street.

The report illustrates £147,000 has already been spent preparing for the regulation; £23,000 was spent on staff training, £72,000 on hiring contingent labour and the remainder was associated with existing, internal, staff who have been working on the preparations. 

For the rest of 2018, a further £400,000 is estimated to be spent on GDPR; demonstrating how the DfT has understood the necessity in preparing for the new regulations and ensuring passengers on the network receive high standards of data management.

Parliament Street is an influential think tank in the UK and produces policy papers, research and recommendations to influence policy makers. These findings are contained in GDPR: The Impact on Government which examines the steps being taken by central government departments to ensure compliance with the new legislation.

Key recommendations in the policy paper include increasing staff training on GDPR fundamentals, sharing best practice between departments and collaborating with external specialist companies for support during implementation of the regulation.

For GDPR, The Ministry of Justice has a total allocated budget of £543,311, the Department for work and pensions are spending nearly £15 million and the Treasury has a total allocated budget of £200,783.

Peter Irikovsky, CEO of Exponea, commented: “It’s clear that the incoming GDPR presents significant financial and operational challenges for government departments, which are tasked with securely processing large volumes of personal data.  

“A major concern with this legislation is that many organisations are rushing to meet the impending deadline, hiring in external consultants and resources without being entirely certain that the changes made will deliver complete compliance. As such there is a real risk that many departments could be GDPR compliant in theory, but not in practice, due to the complex nature of their software vendors, many of which aren’t taking GDPR seriously. 

“With this in mind, isn’t it time that all organisations woke up to the need for independent, external certification of GDPR capabilities, that guarantee compliance? By raising standards through certification, departments can be sure they are adhering to these new regulations, protecting the organisation from financial penalties and delivering high standards of data management to the public.”