Information Commissioner's Office
Printable version | E-mail this to a friend |
Report highlights uncertainty on cost of EU data protection reform
- 40 per cent of companies don’t fully understand any of the ten main provisions being proposed
- 87 per cent unable to estimate likely costs of draft proposals to their business
- ‘Debate must be based on valid evidence. This reform is too important for guesswork’ – Information Commissioner
An independent survey commissioned by the Information Commissioner’s Office has found a clear lack of understanding across business around the proposed EU data reforms.
That uncertainty extends to businesses’ estimated cost expenditure on meeting their data protection responsibilities under the any new law, bringing into question the data on costs found in existing evidence, for instance figures produced by the European Commission and Ministry of Justice.
The findings were published yesterday in a report by London Economics. It was commissioned by the ICO to better understand the challenges the planned reforms would place on UK businesses, and included a survey of 506 businesses.
The study also found:
- 82 per cent of survey respondents were unable to quantify their current spending on data protection
- Estimated average costs of data protection are skewed by a small number of observations by large organisations, who are more able to put a figure on their data protection expenditure
- The vast majority of companies with over 250 employees or processing more than 100,000 records already employ a member of staff focused on data protection compliance, a key part of EU proposals
- Key sectors need to be targeted with information about the plans: the service sector (specifically health and social work), financial and insurance services and public administration
The report was launched yesterday at the third European Data Protection Day conference in Berlin. Information Commissioner Christopher Graham said:
"Few people I’ve spoken to disagree with the need for an updated European data protection law to better meet the challenges of the 21st century. But to deliver real improvements, it’s crucial that legislation is developed that better reflects the way personal information is used today and will be used in the future.
"The key is finding the right balance between the theory and the practice of strong data protection rights. Inevitably, there will be burdens for those who have to deliver the benefits, whether businesses or regulators. The question is does the benefit justify the burden?"There has been much talk of ‘what is best for business’, but that must be based on valid evidence. This reform is too important for guesswork.
"Today’s report is the latest contribution from the ICO to this debate. We’d urge the European Commission to take on board what it says, and to refocus on the importance of developing legislation that delivers real protections for consumers without damaging business or hobbling regulators."Similarly, businesses and other stakeholders need to constructively engage with the debate about burdens and the importance of privacy rights, while the process can still be influenced."
View the full report including executive summary (pdf)
Read our blog posts introducing the EU data reforms and explaining the key areas of debate.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn. Keep up to date on the ICO blog and e-newsletter.
4. For more information, please contact the ICO press office on 0303 123 9070.