Privacy & Information Security Law Blog

On November 22, 2012, the UK Ministry of Justice released a written ministerial statement (“Statement”) announcing the publication of its Government Impact Assessment on the European Commission’s legislative reform package on the EU data protection framework. The European Commission has claimed that a regulation implementing a single set of data protection rules across the European Union would save businesses around €2.3 billion a year. In its Statement, the Ministry of Justice disagrees, stating that the Commission’s proposals will impose burdens that “far outweigh” the benefits. At a time of great economic upheaval across Europe, the Ministry of Justice asserts that the regulatory burden should be reduced, not increased, to stimulate growth, and that it is “difficult therefore to justify the extra red-tape and tick box compliance that the proposals represent.” The Ministry of Justice also notes that “[t]he UK Government is seriously concerned about the potential economic impact of the proposed data protection Regulation.”

According to the Government Impact Assessment, compliance with the proposed data protection regulation would cost the UK between £100 million and £360 annually, including:

• reporting data loss breaches at approximately £90 million per year;
• conducting data protection impact assessments at approximately £80 million per year;
• employing data protection officers at approximately £160 million per year; and
• demonstrating compliance with the new requirements at approximately £30 million per year.

The UK Government will use the Impact Assessment during ongoing negotiations in Brussels to push for changes to the current draft of the proposed General Data Protection Regulation, as the UK continues to lobby for “a lasting data protection framework that is proportionate, and that minimizes the burdens on businesses and other organisations, whilst giving individuals real protection in how their personal is processed.”