The Costs of Data Protection, in particular for SMEs
Project: Research
Project participants
- Reindl, Andreas (Project manager, academic)
Description
There is a continuous tendency in European data protection law and regulation to increase protection standards and impose more limitations on how firms can use customer data. Data protection imposes costs on economic activity, and these costs should be recognized in data protection law and policy.
The project aimed to assess whether European and German data protection laws increase the costs of doing business for firms. The project focused in particular on costs related to efficient management of the firm (data protection could impose costs by making supervision and control of personnel more costly and therefore management less effective) and to the development and marketing of new products (data protection may make it more costly to obtain data from customers required to develop or market new products).
Should a cost benefit analysis play a more prominent role in determining whether changes to data protection are desirable, like it is used in many other areas where regulation affects business activity?
What do we know about cost awareness in SMEs, are costs od data protection empirically measurable?
Methods: Empirical study, interviews
Results: While there is a vague recognition that data protection does impose costs, it appears impossible to measure costs related to data protection in SMEs because a lack of awareness of data protection law requirements. Awareness of data protection laws and willingness to comply is developing gradually, but is still very uneven. Any meaningful measurement would have been possible only if compliance with data protection laws would have received more attention already before that last major legislative change in 2009, but before that time the topic was virtually non-existent for most SMEs.
The report shows why concerns about the costs of data protection should matter more when reforming data protection laws.
Documentation: Report (to be finalized in April 2013)
Limits: Lack of awareness of, and compliance with, data protection laws made empirical study and even report of anecdotal evidence impossible.
Follow-uo project: There were several contacts with organizations representing SMEs in Germany and the study may generate enough interest on their side to continue with a joint project.
The project aimed to assess whether European and German data protection laws increase the costs of doing business for firms. The project focused in particular on costs related to efficient management of the firm (data protection could impose costs by making supervision and control of personnel more costly and therefore management less effective) and to the development and marketing of new products (data protection may make it more costly to obtain data from customers required to develop or market new products).
Should a cost benefit analysis play a more prominent role in determining whether changes to data protection are desirable, like it is used in many other areas where regulation affects business activity?
What do we know about cost awareness in SMEs, are costs od data protection empirically measurable?
Methods: Empirical study, interviews
Results: While there is a vague recognition that data protection does impose costs, it appears impossible to measure costs related to data protection in SMEs because a lack of awareness of data protection law requirements. Awareness of data protection laws and willingness to comply is developing gradually, but is still very uneven. Any meaningful measurement would have been possible only if compliance with data protection laws would have received more attention already before that last major legislative change in 2009, but before that time the topic was virtually non-existent for most SMEs.
The report shows why concerns about the costs of data protection should matter more when reforming data protection laws.
Documentation: Report (to be finalized in April 2013)
Limits: Lack of awareness of, and compliance with, data protection laws made empirical study and even report of anecdotal evidence impossible.
Follow-uo project: There were several contacts with organizations representing SMEs in Germany and the study may generate enough interest on their side to continue with a joint project.
| Status | Finished |
|---|---|
| Period | 01.04.12 → 30.04.13 |