As the draft regulation on data protection takes its first steps at the European Parliament, SMEs voice their concern over having to name "Mr or Ms data protection" - a requirement if Jan Philipp Albrecht (Greens-EFA, Germany) gets his way with his draft regulation.

To avoid over-burdening SMEs with red tape and costs, the European Commission's proposal exempted most SMEs (companies with less than 250 employees) from submitting to this requirement, which is inspired by the German model. Conversely, the rapporteur is suggesting extending the obligation to appoint a "data protection officer" (DPO) to all legal persons processing more than 500 "data subjects" yearly. Virtually all SMEs would fall under this clause, Luc Hendrickx of the European Association of Craft, Small and Medium-sized Enterprises (UEAPME) warned, on 19 February. In a meeting with MEPs, Hendrickx said the requirement to work with a data protection officer would trigger unacceptable costs for SMEs since "any reputable small company has an address book with more than 500 entries".

Hendrickx urged the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the EP, which is in charge of the dossier, to revert to the original Commission text. The Commission's proposal aimed to create a balance between data protection and the freedom of enterprises to create and manage such data themselves, according to Justice Commissioner Viviane Reding.

The draft regulation provides that an SME will be free to nominate or not a data protection officer, but will be required to do so if its activities pose a high threat...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT