Page 131 - Straight Talk On Project Management IV
reputation that a firm may suffer following a cyber-attack. Furthermore, in this case, BA was also
threatened with a £500 million class-action lawsuit.
The high-profile cases, like BA, grab the headlines, but it is another BA altogether that concerned
the CIOs we’ve been talking to. Business Analysts became so sought after during the initial GDPR
compliance preparations that firms were struggling to find them. Our sister company, Access Talent,
the IT Project recruitment specialist, reported a surge in enquiries for this role post-GDPR too. As
more businesses need BAs with regulatory experience to help create guiding principles on
how their information is governed, hirers are increasingly toiling in vain to find business-facing talent
to fill these roles. As a result, the Project Management as a Service market is doing a roaring trade in
Business Analysts – this market should be your first port of call if you too are having difficulty finding
BA talent to add to your staff headcount.
Another consequence of diverting attention and resources into projects initiated just to make firms
GDPR compliant is that, often, something somewhere else in the portfolio has to suffer. Few project
operations factored this in, few organisations had budgeted for extra resources, so it fell to the
in-house IT team to do what in-house IT teams always do – they had to deal with it. This meant a lot of
burning of candles at both ends which would have been OK for the short-term fixes that were being
worked upon last May and June. Over a year later though, many firms still have longer term GDPR
projects that are sapping resources needed elsewhere and strategic business change projects are
falling behind or not delivering their full potential. The PMaaS market is geared up to help with this –
you should ask your Project Management Services partner to take a look at your portfolio and
recommend resources.
GDPR is having and will continue to have an impact on the efficiency of project teams. Based on the
number of cases reported, attacks are trending upwards. By just August last year, the ICO revealed
that data breach complaints were up 160% in the three months or so since GDPR had come into
force.
Now, a year on from those figures, the ICO just published its Annual Report and it is clear that this
was only the beginning. In this first Annual Report since GDPR took effect, the ICO reports
complaints from the public almost doubled.
The ICO also reported a considerable increase in reports of data breaches that it received from
companies, including 13,840 personal data breach reports under GDPR. This is more than four times
the number received in 2017-18 and cybersecurity was cited as being at the root of many of these.
There is good news in the ICO’s Annual Report though: in more than one in eight (82%) of breaches,
the reporting organisation had sufficient measures in place, or was taking appropriate steps to
address the breach, that the ICO was not minded to take any further action. Furthermore, in fewer
than 1% of cases, the ICO began proceedings beyond issuing recommendations or advising further
action, and just 0.05% of cases resulted in financial penalty.
While it seems that UK businesses are over-reporting data breaches, the ICO states that this is a sign
that organisations "are taking the requirements of the GDPR and DPA 2018 (Data Protection Act
2018) seriously" and, they say, "it is encouraging that these breaches are being proactively reported
to us."
Less encouraging, but at the same time inevitable, is the increase in cyber attacks and the
increasingly sophisticated tactics being used by the criminals, but with just 0.05% of cases resulting in
financial penalty, it’s not worth losing sleep over, right?
My old maths teacher had an interesting take on our perception of percentages; she would have said
"0.05% is only a small number if you're part of the 99.05%. If you're part of the 0.05% it's

