The Information Commissioner's Office could find itself £42.8 million short of funding if the European Commission's proposed data protection rules are ratified, according to a committee of MPs.
On one hand, the ICO will require an extra £28 million per year, mostly for extra staff, to enforce the new laws, the Commons justice committee found. This is because there will be more data breach investigations, data controlllers will require more support and there will be more fines to enforce.
On the other hand, the regulator will lose £15 million – the lion's share of its funding – from the fees that businesses pay to register under the Data Protection Act, which are to be scrapped under the proposed new regime.
The ICO's workload is also set to increase following the Leveson Report, the committee said, which recommended that it be given the power to initiate criminal proceedings.
Besides the £15 million it get from notification fees, the ICO receives a budget of £4.25 million from the Ministry of Justice to fund its work related to the Freedom of Information Act.
Information Commissioner Christopher Graham said the committee's budget shortfall estimate is a "worst case scenario, and is based on a proposed legislative framework that is ever changing.
"It’s certainly helpful to have an influential parliamentary committee setting out the funding challenges we face, though it’s important to take on board the full context, and not simply the headline comments," he wrote in a blog post.
A spokesperon for the ICO said the data reform bill, as it currently stands, would oblige the ICO to take a "more prescriptive approach, whereas what we do at the moment is very risk-based.
"The reforms would … make sure everybody abides by tick box-style rules."