Impact of the European Data Protection Reform on Small- and Medium-Sized Enterprises in Spain
The current EU Data Protection Directive applies to all European companies, regardless of their size. The EU Data Protection Reform aims to stimulate economic growth by reducing expenses and excessive regulation for small and medium enterprises (“SMEs”).
To facilitate small and medium companies breaking into new markets, the European Commission has proposed to exempt SMEs from several provisions of the draft EU Data Protection Regulation.
Under the draft EU Data Protection Regulation, SMEs would benefit from four reductions in bureaucratic procedure:
1. SMEs would no longer have to appoint a data protection officer where data processing is not the SME’s main business activity.
2. If adopted, the Reform would eliminate the existing duty of notification to supervisory authorities.
3. In cases of excessive or repetitive requests to access data, SMEs would have the right to charge a fee for providing data.
4. As long as no specific risk exists, SMEs would not have to implement an impact assessment.
Currently, where data-processing activities are a subject to a separate set of rules in every country, the cost of adapting a business model to enter a new market may be a significant obstacle. The changes listed above would facilitate cross-border trade and help SMEs in Spain to expand their activities outside the country.
Marta Stefanowicz & Nicolás Melchior
Mariscal Abogados, Spanish lawyers in Madrid, Spain
Member of Eurojuris España, international network of law firms