Viviane Reding, Vice-President of the European Commission, EU Justice Commissioner, told ministers from the European Union Member States at a Justice and Home Affairs Council meeting in Luxembourg that in an effort not to overburden small and medium-sized enterprises (SMEs), she is prepared to offer them some concessions under the revised EU Data Protection Regulation.
SMEs are currently exempt from certain requirements, including the appointment of a data protection officer, but the Commission is prepared to consider broadening this exemption to other areas through an approach that takes into account the amount and sensitivity of the data processed. The proposal further elucidates the Commission's intention to not apply the same rules to “the small hairdresser as to a multinational.”
Reding emphasised that the Commission would not fall into the trap of some lobbyists expressing concerns for SMEs, but in fact referring to provisions designed to help large multinational firms.
In her speech, the Commissioner also referred to the proposed implementing and delegated acts, expressing that they are not designed to be considered a “blank cheque” for the Commission. Instead, Reding suggested she would consider reviewing them one-by-one with member states to ensure they are limited to what is truly necessary.
Reding also hinted that there may be different rules for the private and public sectors, by advocating the need for greater flexibility, even though the consensus is to stick to the status quo of having the same rules apply to both. However, Reding stated that “specific rules are necessary in certain circumstances such as the land registry which should be public.” But she warned that “there can be no general exemption for the public sector.”
It’s looking increasing unlikely that the EU Data Protection Regulation will be revised and ready for a vote during the first quarter of next year, despite the Irish Presidency’s hope to get it on the agenda for February 2013.