Europe's Justice Commissioner on Friday told ministers from European Union member states that she was prepared to offer some concessions to small businesses and the public sector in revising the data protection regulation.
Vivane Reding told the Justice and Home Affairs Council meeting in Luxembourg that the revised regulation needs "the right firmness of touch", but that she doesn't want to over-burden small and medium-sized enterprises (SMEs).
"SMEs are already exempt from some requirements, like having a data protection officer. The Commission is prepared to look at whether this SME exemption could be broadened to other areas and that we can also look to add further flexibility through an approach that takes into account the amount and sensitivity of the data processed," said Reding.
But she was firm that she would not fall into the lobbyists' trap of granting provisions for SMEs that were really designed to help large multinational firms.
The current E.U. Data Protection Directive does not draw any distinction between rules for the public or the private sector, but the Commissioner said there is room for some flexibility there, too. The current draft of the regulation has listed 20 cases in which the rules are adapted for the public sector, for example in the case of a land registry which would be public.
"But one thing is clear: there can be no general exemption for the public sector," warned Reding.
The Commission estimates that the data protection regulation, by simplifying the legal environment, could lead to business savings of around ¬2.3 billion (US$2.9 billion)per year.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.