Key takeaways from the report include:

  • Data protection profession calls for greater investment as privacy issues grow in importance
  • Impact of Brexit is a key concern as dataflows between the UK and rest of world become more complex
  • Most practitioners believe UK is ahead of other countries in how it manages data protection and privacy

Data protection professionals are calling out for more investment for internal resources, software systems and staff training, but only a quarter expect their budget to increase in the next 12 months, according to the findings of the first UK Data Protection Index.

The Index, launched by the Data Protection World Forum and The DPO Centre at the end of July, is based on a panel of UK data protection and privacy professionals and will be repeated every three months.

Nick James, chief executive of the Data Protection World Forum, said: “This is a unique listening exercise for us which, over time, will reveal what practitioners really think about the issues around them – and also what they think of themselves as a profession. I would urge any UK-based data protection practitioner to consider joining the panel.”

Rob Masson, CEO of The DPO Centre, said: “Data protection is one of the fastest growing areas of business in the UK and Covid-19 has placed it firmly at the top of the agenda for most companies. The initial findings from the  Index show how vital it is for organisations to get this right because it impacts across every part of your business from employees, to clients to dealing with regulatory authorities.”

When asked about pressures on budgets almost half (45%) expected their budget to remain the same in the next 12 months. Just more than quarter (28%) expected their budget to increase while 12% expected their budget to fall. Fifteen per cent did not know.

Respondents were asked, if their budget was increased by 20%, what would be the biggest investment priority. There were three clear winners: additional internal resources (38%), software and platforms (21%) and staff training (15%), None of the other options were chosen by more than 10% of respondents.

Just over a third of respondents (35%) rate their organisation’s compliance with GDPR at eight out of ten or above. In fact the average for all respondents is only a rating of 6.9. One in six (16%) panellists score their organisational compliance at 5 out of 10 or less.

The survey asked panellists to what extent the coronavirus pandemic had increased their organisation’s focus on data protection. The average score was 6.0 out of ten but the results were varied with almost a quarter (24%) scoring 8 or above, 37% scoring 5 or less (37%) and 39% scoring 6 or 7.

The view on the impact of Brexit was more clear, with 58% of panellists scoring it at 7 out of ten or more. A quarter scored it 5 out of ten or lower.

When asked to rate the performance of the ICO there was an average score of 6.4 but a lot of variance. Forty per cent rated the regulator at 8 out of ten or above, but 30% rated it at five out of ten or lower.

When given a range of options to rate as their biggest challenge in GDPR compliance over the next 12 months, the three most popular choices were:

  • Accountability/demonstrating compliance 22%
  • Data retention 18%
  • Brexit 15%

There was genuinely a positive feeling about the data protection laws which affect the UK versus other regulatory regimes – about three quarters of panellists (72%) rated the UK at 7 or above. Only 21% rated the UK at 5 or below.

The survey asked panellists about the impact of the CJEU ruling to invalidate the EU-US Privacy Shield and the results were varied: 45% rated the impact as seven out of ten or higher while almost a third (31%) rated it as 4 or lower.

The UK Data Protection Index (organised by the Data Protection World Forum and The DPO Centre) will run every quarter and over time will build a unique picture of the profession and its views. The full report of the first UK Data Protection Index survey was published on 13 August. To sign up to become a member of the UK Data Protection Index, please visit