UK government: EU DP Regulation would mean additional costs for business

The Ministry of Justice estimates that the cost burdens the EU DP Regulation would impose far outweigh the net benefits suggested by the EU Commission.

The Ministry says that the annual net cost to UK business (in 2012-13 earnings terms) would be between £100 million and £360 million. The main cost areas would be the requirements to employ a data protection officer (DPO), carry out data protection impact assessments (DPIAs), notify all personal data breaches to the supervisory authority, and the administrative cost of demonstrating compliance.

The government is still pushing for a Directive rather than a Regulation, and emphasises that the UK would like to see a data protection framework that will stimulate economic growth and innovation. The ministry's evidence suggests that companies prefer to operate under privacy laws similar to the US, rather than the more prescriptive EU laws. Also, the Regulation would make international transfers more cumbersome for UK businesses as currently the ICO does not require prior-approval.

The ministry’s impact assessment, published on 22 November, is based on responses from 143 private and public sector organisation to its Call for Evidence, desk-research, and additional consultation with data controllers.

The new regulation would repeal most, if not all, of the current DP Act. EU level negotiations are still going on at the Council of the European Union and the European Parliament.