According to an independent report from London Economics commissioned by the Information Commissioner's Office, 40 per cent of companies don’t fully understand any of the ten main provisions being proposed by the EU regarding data protection reforms.
The European Commission proposed the reforms in January last year, including an obligation to notify authorities of a data breach, and the creation of right for data subjects to demand their data is deleted.
The European Commission claims that making the data protection rules consistent across its member states will save the European economy €2.3 billion.
However, the report has detailed the widespread lack of understanding around the EU data reforms, with 87 per cent of companies unable to estimate the cost of expenditure on meeting their data protection responsibilities under any new EU laws.
The UK's Ministry of Justice has estimated that they will cost UK businesses up to £320 million a year.
506 businesses were surveyed for the report, with most (82 per cent) of respondents unable to quantify their current spending on data protection.
Currently, the estimated average costs of data protection are skewed by a small number of observations by large organisations, who are more able to put a figure on their data protection expenditure. The vast majority of companies with over 250 employees or processing more than 100,000 records already employ a member of staff focused on data protection compliance, a key part of EU proposals.
The report also stated the key sectors that need to be targeted with information about the plans, including the service sector (specifically health and social work), financial and insurance services and public administration.
Information Commissioner Christopher Graham commented on the report: "The key is finding the right balance between the theory and the practice of strong data protection rights. Inevitably, there will be burdens for those who have to deliver the benefits, whether businesses or regulators. The question is does the benefit justify the burden?”
Chris Combemale, executive director of the Direct Marketing Association, added: "We agree with the Information Commissioner that data protection legislation needs to be updated and that any proposed legislation must be based on evidence. In 2012, the DMA published research into consumers' actual attitudes to data privacy. Seven in 10 consumers said they're willing to share their information with brands in exchange for free services or better benefits.
"Updated data privacy legislation must preserve the free flow of information between consumers and the brands they share their information with. Failure to do so will come at a great cost to consumers and businesses alike."