ICO says business not ready for EU data protection reforms
Information Commissioners Office research finds low understanding among UK businesses
Many businesses don't understand what will be expected of them to comply with the EU's reforms of data protection laws, according to a report by the Information Commissioners Office (ICO).
Consultancy firm London Economics, which surveyed 560 UK businesses on behalf of the ICO in January, found that 40% of companies do not understand any of the 10 main provisions being proposed.
Moreover, most respondents (82%) are in the dark over how much they currently spend on data protection, and 87% could not estimate the likely costs of the EU's draft proposals to their business.
The EU is proposing to replace the current 18 year-old patchwork approach to data protection legislation with a single law on data handling, with which every member state would have to comply. This could have a significant effect on how companies of all sizes handle information on their customers.
The report says that the proposals could cost small and midsized businesses an average of £76,000 annually, which translates to £47 billion per year to UK business as a whole.
It says a particular concern for SMBs will be "conditions for consent", under which businesses will have to prove that the consumer gave consent for their personal data to be stored. The costs of printing, storing and, if asked, producing hard copies would be considerable.
Savings and costs
The European Commission claims the reforms will save the European economy €2.3 billion per year, but the UK's Ministry of Justice has estimated that they will cost UK businesses up to £320 million annually.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
An ICO spokesman told TRPro that it was too soon to assess whether the EU's data directive will have a disproportionately negative impact on small businesses.
Information Commissioner Christopher Graham said: "Few people I've spoken to disagree with the need for an updated European data protection law to better meet the challenges of the 21st century."
He added: "But to deliver real improvements, it's crucial that legislation is developed that better reflects the way personal information is used today and will be used in the future.
"There has been much talk of 'what is best for business', but that must be based on valid evidence. This reform is too important for guesswork."