The European Commission this week confirmed its determination to pass major new data protection laws before the year is out.
Vice-president Andrus Ansip and Commissioner Vera Jourová used European Data Protection Day on Wednesday to issue a lengthy notice on the long-awaited European General Data Protection Regulation.
It explained how, although the European Parliament voted to back the Commission’s proposals in March 2014, justice ministers from member states are still mulling over various aspects of the regulation in the Council of the EU.
However, the Commission made it clear that they “must work now to finalize the agreement” within 2015.
It added:
“The Latvian Presidency is committed to building consensus to achieve a general approach by the end of its mandate in June 2015. The European Commission is pushing for a complete agreement between Council and European Parliament on the data protection reform before the end of this year.”
Hoping to sell the reforms to a skeptical business audience, the Commission claimed that the benefits of rolling out a single, pan-European data protection law are estimated at a staggering €2.3 billion per year.
Meanwhile, SMEs will benefit by being excused from some of the more onerous obligations of the regulation, such as appointing data protection officers, carrying out privacy impact assessments, and making notifications to supervisory authorities.
It continued:
“We want to make sure that obligations are not imposed except where they are necessary to protect personal data: the baker on the corner will not be subject to the same rules as a (multinational) data processing specialist. In a number of cases, the obligations of data controllers and processors are calibrated to the size of the business and to the nature of the data being processed. For example, SMEs will not be fined for a first and non-intentional breach of the rules.”
Alessandro Porro, vice president of international at Ipswitch, argued that IT professionals “should review and bolster their data processing policies and practices now, before the regulation comes into effect.”
“A recent Ipswitch survey revealed that more than half of IT professionals in businesses could not accurately identify what ‘GDPR’ means,” he revealed.
“Over half of respondents admitted they were not ready for GDPR, and over a third confessed to not knowing whether their IT policies and processes were up to the job, while only a mere 12% of respondents felt ready for the change.”