GDPR a key driver of investment
BDO’s latest survey of housing associations found that 89% of respondents have invested in additional resources in order to comply with the new data requirements of GDPR, which come into force from 25 May 2018.
The results of this survey were published in our second Social Housing Barometer providing a snapshot of economic and business confidence of housing associations across the UK, with a particular focus on the areas of risk and strategic priorities.
Despite the recorded increase in investment preparing for GDPR, it would seem that housing associations are finding the process challenging, with only 7% of those surveyed saying that they are already compliant. 44% of those surveyed claim to be on target, and 7% are reportedly behind schedule to meet the May deadline.
With the deadline now only a few weeks away, GDPR is currently a hot topic for most businesses. But for housing associations, the challenge is considerably more complex than in many other sectors due to the large volumes and the nature of the data organisations hold.
Sensitive data held by housing associations makes GDPR more challenging
Phil Cliftlands, National Head of Housing at BDO says:
“In my experience of this challenge across multiple sectors, I would suggest that the reality of the situation may be that more housing associations will struggle to meet the deadline than these results indicate.
“Much of the data held by housing associations is sensitive, personal information about their tenants, and often the systems these organisations are using are not necessarily fit for purpose to handle data in such a way.”
Tim Foster, who heads up BDO’s Risk and Advisory team in the Midlands, agrees:
“Even though many housing associations are investing substantial resources in tackling GDPR, some of those surveyed may be underestimating the complexity and extent of the work needed to be fully compliant.
“Housing associations face challenges not only around accessing data and how easy this will be going forward, but also when it comes to disposing of data. Data will likely be held in multiple systems within an organisation but also on laptops, smartphones, tablets and email accounts – this may have additional complexities if organisations have recently merged or are part of a larger group where legacy systems storing historical data may still be accessible, or if multiple systems are being used.”
Saying this, housing associations may be able to avoid maximum penalty fines if they can prove to have made genuine efforts to comply with the new data regulations; however, those with weak GDPR compliance frameworks may be vulnerable.
GDPR higher on the risk agenda
41% of those surveyed identified data as a top five risk area - an increase of 12% in just six months. The investment needed in technology and processes is essential and links with skills and resources, the second most commonly identified risk.
Information technology is one of the main areas where there is a clear skills gap, and this coupled with the need for investment in IT makes it an ever-increasing challenge.
BDO carry out the social housing survey every six months and will be reporting on this subject again post-deadline when there will be a clearer picture of how the sector has risen to the challenge of GDPR.
Read the Social Housing Barometer in full.
To talk to one of our experts regarding GDPR compliancy in more detail, please do get in touch.