The Information Commissioner’s Office report into the implications of reform of the European Union’s rules on data protection found 40 per cent of the 506 companies polled did not understand any of the 10 main provisions proposed.
Elsewhere, the majority (87 per cent) were unable to quantify the costs of implementing the regulations.
The draft data protection regulation contains several measures that will have a huge impact on direct and online marketing. Proposals include stipulation marketers will have to gain explicit consent from consumers to use their personal data for campaigns rather than rely on implied consent from a consumer’s silence and a new “right to be forgotten” clause that allows consumers to insist that data collected online is deleted unless a company can demonstrate a legitimate reason to keep it.
It has been slammed by industry bodies such as the Internet Advertising Bureau and Direct Marketing Association, which have warned the restrictions pose a “severe threat” to their channels. The UK’s Ministry of Justice has also expressed concern the rules are “over prescriptive” and could cost businesses up to £320m a year to implement.
In the report, the ICO says it will concentrate education efforts on areas such as the “right to be forgotten”, which was found to be particularly confusing to companies. It will also focus on increasing awareness of the need to employ data protection officers and on fresh data portability provisions.
Organisations involved in “data-intensive” activities such as the those operating in the health, finance and insurance sectors will also be a focus, the ICO adds.
The data protection reforms are currently being prepared for a vote in the European Parliament. The resulting regulation will then be passed to the European Council before being sent to national Governments for implementation. Unlike the current data protection rules, the bill will be imposed uniformly across all 27 member states to avoid fragmentation.