The public sector is facing a challenge to upgrade information management systems in time for new regulation judging by an enlightening survey we have undertaken at Crown Records Management.
The EU General Data Protection Regulation (EU GDPR) is due to be in place by May 2018 and, despite Brexit, will have huge implications for UK business. After all, it will apply to any business which stores or processes the personal data of European citizens – and the regulation provides EU citizens with far greater rights to ask for their data to be edited or deleted.
It isn’t only EU citizens who will enjoy those rights, either. UK citizens can expect pretty similar rights as the new UK Data Bill goes through the House of Lords, granting them very similar advantages.
That will be a big challenge for the public sector in the UK which will need up-to-date and watertight information management systems in place to ensure data can be found in the first place – let alone stored in a format which makes it editable.
Impact of GDPR
Importantly, GDPR legislation will also introduce huge fines for data breaches and provide strict guidelines on how quickly any breach is reported.
Despite this, Crown Records Management’s survey showed a worrying trend for those in the public sector not to upgrade servers often enough and not to have robust information management systems in place.
The survey – undertaken by Censuswide, an independent research agency – polled IT decision makers in companies of 100-1000 employees, discussing topics from data protection to long-term digital preservation and dark data – and it should make managers in the public sector sit up and take notice.
It showed that:
- Only 36 per cent of those surveyed in the public sector regularly upgrade their servers, compared to 60% overall.
- 21 per cent of those surveyed in the public sector did not have a comprehensive information governance programme, compared to 15% overall.
- Only 36 per cent of those surveyed within the public sector said that they were able to quickly locate and retrieve electronic records when required, compared to 46 per cent overall.
- 11 per cent of those surveyed in the public sector were “not that confident” they have a full and accurate picture of all the information they held in their business, compared to 4 per cent overall.
- 18 per cent in the sector do not have a system in place to preserve electronic information stored for longer than five years.
- Only 20 per cent regularly review formats on which data is held.
- As many as 11 per cent of those surveyed in the public sector had not begun any preparations for the introduction of the EU GDPR, compared to just 4% overall.
These are worrying results – especially as the survey, conducted before this year’s General Election, also showed that more than one in four in the public sector believed the EU General Data Protection Regulation would not apply to the UK after Brexit. Already, we have found this isn’t true.
Volume of data
It is not only regulation that should make the public sector nervous, either.
The sheer volume of data created in the sector leaves it open not just to breaches but also to the possibility that much of the information stored may not be readable in future.
As technology advances at an ever-faster rate the prospect of previously popular formats becoming obsolete is growing all the time.
Given that that much of the information stored in the public sector is subject to legal guidelines stipulating how long it should be kept for, that should be a big concern.
For almost one in five to say they do not have a system in place to preserve electronic information for longer than five years is a real concern.
This is not a time to hold back on reforms or on upgrades because with the amount of data increasing by the day, these issues are only going to become more problematic in future.
The best course is for organisations to seek advice from professional information consultants such as Crown Records Management, who can undertake information and data audits and provide consultancy on how to ensure information governance systems are fit for purpose.