Photo by Omar Havana/Getty Images
The EU has proposed simplifying the General Data Protection Regulation (GDPR), but industry bodies and campaign groups are cautious.
The changes come as part of a broader effort to simplify EU regulation to help the bloc compete with the US and China. Their main goal is to ease reporting requirements for small businesses, but there is also scope for broader reforms at a later stage.
Currently, only businesses with fewer than 250 employees are exempt from the requirement to maintain detailed records of their data processing activities, including the purposes of processing, the categories of data held and the third-party recipients, together with, where possible, a description of their technical and organizational measures.
Now, however, this exemption has been expanded to companies with fewer than 750 employees and either less than 150 million euros in turnover or less than 129 million euros in total assets.
The exemption is valid unless their data processing is likely to lead to a “high risk” for the rights and freedoms of the data subjects or where they process special category data.
According to the European Commission, there are about 38,000 of these small mid-capitalization companies across all EU Member States.
“Cutting bureaucracy and simplifying rules means that businesses are given the freedom to innovate, develop and create jobs,” said Stéphane Séjourné, executive vice-president for prosperity and industrial strategy.
“Today’s Omnibus is another step on this issue, expanding new benefits to small and medium-sized companies and ensuring that the legislation is aligned with reality.”
However, the changes have received a cautious response. In an open letter, civil rights collective European Digital Rights said it is concerned that the changes may not represent a true simplification, but could instead undermine basic accountability guarantees.
“In practice, they could allow some companies to avoid maintaining data processing files (even when handling specific data categories) based only on personnel or turnover,” the letter reads.
“While competitiveness is important, its use to justify the exceptions from basic protections sends a worrying message: that human rights are consumable when the financial interests are at stake.”
Meanwhile, industry body the Union of Computer and Communications Industries said the changes do not go far enough.
“Relaxing GDPR requirements for small and medium-sized companies can provide limited relief, but this secondary change is not short of dealing with the deeper structural issues affecting the EU data protection framework, without further adaptations. Imposition and application will remain weak.”
“At best, today’s proposal will facilitate the burden of GDPR for just 0.2% of EU companies. While well-intentioned, its limited scope means that it will not make sense to reduce Europe’s digital competitiveness.”
The CCIA calls on the EU to align the implementation of GDPR throughout EU legislation for greater cohesion, enhance the One-Stop-Shop mechanism and work to prevent fragmentation in the way Member States apply the rules.
These are the first proposed changes to the GDPR since its introduction in 2018, and there are fears that the Commission is opening a can of worms, especially given persistent rumors that more proposed changes may come later this year or next.