Not one UK business out of 506 surveyed by the Information Commissioner's Office was able to describe accurately the European Commission's ten proposed data protection reforms.
The European Commission proposed the reforms to its data protection regime in January last year. They include an obligation to notify authorities of a data breach, and the creation of right for data subjects to demand their data is deleted – "the right to be forgotten".
The EC itself claims that they will save the European economy €2.3 billion by harmonising the data protection rules in member states, but the UK's Ministry of Justice has estimated that they will cost UK businesses up to £320 million a year.
In order to gauge the expected economic impact of the reforms, the ICO commissioned research firm London Economics to survey UK businesses.
However, it found a low degree of understanding of the reforms, and of the cost of data protection in general.
The survey found that most businesses (82%) do not even know how much they currently spend on data protection. It is not surprising, then, that 87% could not estimate what the impact of the reforms would be.
Respondents were asked to describe the reforms as they understand them. Four out of ten had an inaccurate understanding of all ten reforms, and not one fully understands every one.
"A lack of understanding about the provisions in the EC’s proposed general data protection regulation persists across business," London Economics wrote in its report.
Information Commissioner Christopher Graham said the findings call into doubt some of the assumptions being made by the EC in driving the reforms.
"We’d urge the European Commission to take on board what [the report] says, and to refocus on the importance of developing legislation that delivers real protections for consumers without damaging business or hobbling regulators," he said in a statement.