Report: IT directors believe EU data protection changes will raise costs

Businesses don't believe European Commission's assurances

The majority of IT directors from large businesses believe that proposed changes to the EU General Data Protection Regulation will raise costs for their organisations, despite claims to the contrary by the European Commission (EC).

Fifty-nine per cent of respondents to a recent survey among IT directors in large UK businesses thought that complying with the new rules will cost firms more than the current regime. That proportion rose to 72 per cent among IT directors in organisations with more than 3,000 employees.

This contradicts the view expressed by EC vice president Vivianne Reding that the new data protection regulations will cut costs for businesses - especially those that operate in more than one country - by unifying the separate rules that are currently applied across the 27 member states.

Business lobbying organisation the CBI voiced similar fears last month, saying that the new regulations will stifle innovation, restrict business and raise costs - which will ultimately be passed on to consumers.

The new regulations are part of the EC's drive to create a "single digital market". Although they have yet to be finalised - and parts have been actively opposed by some countries - a draft proposal was adopted by the Commission in January.

The report, EU General Data Protection Regulation - UK Enterprise Inquiry, was commissioned by security integrator SecureData and carried out by research firm Vanson Bourne among UK firms with more than 1,000 employees.

IT directors were not totally against the proposals: 64 per cent agreed that the regulations, if adopted, would improve business security processes and consumer data protection.

One of the features of the new rules is that data breaches must be published within 24 hours or firms will face fines.

However, 40 per cent of respondents think that this proposed deadline would advertise security weaknesses before appropriate security reviews had been completed. Thirty-six per cent said they fear "false alarms" from pressures to publish data breaches quickly to avoid fines.