Organisations’ understanding of data not greatly improved by GDPR, poll finds

London, 30 July 2019 – The introduction of GDPR has not yet led to a substantial improvement in organisations’ understanding of their data according to a poll out today from ICSA: The Governance Institute and recruitment specialist The Core Partnership. The poll reveals that the majority of organisations surveyed (42%) feel that their understanding of data has stayed the same since GDPR was introduced. Some 39% of respondents believe that their understanding has improved significantly, however, while a further 17% think that is has improved slightly.

Some of the positives cited as resulting from the implementation of GDPR are:

  • Much more awareness of data issues than was previously the case
  • It has forced the organisation to review and update procedures right across the board and identified many gaps
  • It has made us cull our databases significantly
  • The law change has given our legal colleagues a seat at the table to ensure compliance is taken seriously not only when dealing with customers but right upstream as new processes/systems are being designed
  • Greater understanding of security of my own personal data in my personal life.

Some of the more negative comments include:

  • GDPR is a hassle and hasn’t advanced business. It’s only increased overheads
  • Huge burden on resources
  • GDPR has created much extra work for little extra benefit
  • Data subject access requests are taking a disproportionate amount of time and money to resolve
  • Significant compliance burden with no clear additional benefit to data subjects. The previous legislation seemed more than adequate.

According to Peter Swabey, Policy and Research Director at ICSA: ‘Some organisations feel that GDPR has added cost and complexity and that a sledgehammer has been used to crack a nut in terms of what GDPR has actually achieved. Others feel that it has helped them to clarify and make more efficient the systems and processes that use personal data. While GDPR has undoubtedly increased the compliance burden and costs, there are also benefits in that the profile of properly holding and protecting data has also significantly increased. While GDPR has concentrated people’s minds on personal data, it is a continuing obligation whose burden is yet to be fully felt. It should also be remembered that obligations under the UK’s Privacy and Electronic Communications Regulations (PECR) are of equal importance and it is important that organisations understand the interaction between GDPR, PECR and the Data Protection Act 2018.’

- Ends -

For further information, please contact Maria Brookes, Media Relations Manager:  
+44 (0)20 7612 7072
+44 (0)7890 649 143

Notes to Editors:

  1. ICSA: The Governance Institute is the professional body for governance. We have members in all sectors and are required by our Royal Charter to lead ‘effective governance and efficient administration of commerce, industry and public affairs’. With over 125 years’ experience, we work with regulators and policy makers to champion high standards of governance and provide qualifications, training and guidance. Website: 
  2. The Core Partnership is a niche market recruitment consultancy working with Company Secretaries and their teams to advise on and resource their specialist interim and permanent manpower needs. With relevant professional backgrounds spanning back to the 1990s, The Core Partnership has a wealth of knowledge of the development and dimensions of the role of the Company Secretary. The team provides market advice on relevant qualifications and experience, conducts salary and benchmarking exercises and works throughout the UK and overseas recruiting at all levels to this specific discipline. Website: 
  3. Previous ICSA-Core poll findings can be found at
  4. This poll is based on answers from 68 respondents across a variety of sectors.

Search CGI