Data protection: it’s not about Facebook, it’s about us, SMEs tell Parliament
19 February 2013by UEAPME -- last modified 19 February 2013
UEAPME speaks at SME Intergroup; warns against extending to all SMEs the obligation to nominate a data protection officer
Advertisement
The European Parliament cannot focus only on large online multinationals and must take small companies into account in its upcoming votes on the revised data protection regulation, according to UEAPME, the European craft and SME employers' organisation. Speaking this morning at a breakfast meeting organised by the Parliament's SME Intergroup, Enterprise Policy and Legal Affairs Director Luc Hendrickx deplored not only the lack of attention towards SMEs in the debate, but also an harmful change proposed by the Parliament that could trigger a "data protection levy" with significant extra costs for SMEs. In fact, contrary to the original proposal by the European Commission that exempted the vast majority of SMEs, the Parliament's LIBE Committee is suggesting extending the obligation to appoint a "data protection officer" to all legal persons processing more than 500 "data subjects" yearly. Virtually all SMEs would fall under this clause. This would trigger unacceptable costs and red tape for them, warned UEAPME, urging MEPs to revert to the original EC text.
"Nobody in his right mind would question the need for solid rules on data protection, and a revision at this stage is obviously needed to tackle the new challenges linked to technological developments, particularly in the online world. However, the current debate is focusing too much on large Internet multinationals such as Facebook or Google. While it is clear that these companies will play an important role, the lack of focus on the millions of SMEs in Europe is deplorable", Enterprise Policy Director Luc Hendrickx said at the meeting. "Some MEPs must resist the temptation to come up with a futile 'Facebook Act' – what they must do instead is providing small companies with workable data protection rules. Regrettably, the debate in the leading Civil Liberties, Justice and Home Affairs Committee at the EP is going in the opposite direction".
The clauses on the nomination of a "data protection officer" are of particular relevance for SMEs, explained Mr Hendrickx. Although in general UEAPME does not advocate for exemptions, since we believe that rules should be easy enough for all companies to apply, what the European Commission suggested in this respect was spot on and straightforward: all SMEs whose activity does not require regular and systematic monitoring of data subjects do not have to nominate a data protection officer. On the other hand, what the Parliament's LIBE Committee is suggesting leaves a lot to be desired.
"Imposing a data protection officer to all legal persons processing more than 500 data subjects per year means de facto extending this obligation to all SMEs. Any reputable small company has an address book with more than 500 entries", stressed Mr Hendrickx. "The European Commission's own impact assessment calculated a rate of 250 EUR per hour as the average cost of employing an external data protection officer. Assuming even a handful of hours of extra work per year for each of the millions of companies potentially involved, this already translates into a hefty 'data protection levy' with significant extra costs for SMEs. We hope that MEPs realise what is at stake. We urge them to reject the approach of the LIBE Committee and revert to the exemption for SMEs as initially tabled by the Commission", he concluded.
UEAPME is the employers' organisation representing exclusively crafts, trades and SMEs from the EU and accession countries at European level. UEAPME has 80 member organisations covering over 12 million enterprises with 55 million employees. UEAPME is a European Social Partner.
UEAPME - European SMEs employers' association
Sales by email