Data protection: a new set of rules for SMEs
By: Françoise Le Bail, European Commission, Director General for Justice
02 May 2012

Send EMail

On March 27, I had the pleasure of attending the third annual Summit of the International Association of Microsoft Channel Partners (IAMCP) in Brussels. I was greeted by over 100 IAMCP partners who had come together to position innovative SMEs at the centre of Europe's economic recovery.

I had the pleasure of presenting the EU's Data Protection Reform and explaining that it was designed to reinforce consumer trust in an increasingly digital world. Strong protection for personal data will help build the trust needed to enhance the digital economy. By increasing individual rights and allaying consumer concerns about data, technology can truly gain a stronghold. The reformed rules will ensure that individuals are in control so they can access their own data or delete it permanently if they wish: the so-called “right to be forgotten”. The new rules will also reinforce explicit consent, which is important since existing information is extremely convoluted and can be too heavy for individuals and even companies to understand.

The second element we considered when drafting the reform was a single law covering the whole EU. There are currently 27 individual systems that attempt to function within a solitary framework, but what we need instead is a truly single digital market for data protection that allows companies to operate throughout Europe under a single set of rules. Companies will also have a one-stop shop under the new regulation, so that they only deal with one data protection authority. This will save businesses over €2 billion a year. Data protection authorities will have a strengthened role in enforcing privacy rights and an EU-wide data protection board will ensure consistency across the EU27. 

Ultimately, data protection is a fundamental right and it is in companies' interests to offer their customers a high standard of protection for their data. This can be a strong selling point and can offer competitive advantage at a global level too. Companies are vital to this reform, so we want specifically to encourage SMEs to join the policy building process. One way companies can get involved is to embed privacy into their company core and products – privacy by design! We have paid particular attention to the needs of SMEs and exempted them from a number of obligations including requiring a Data Protection Officer, conducting impact assessment, and maintaining documentation. 

This “One Law, One DPA” spirit has been designed to alleviate burdens while bringing immense benefits, including global competitiveness. Our data protection reform will provide a high degree of protection for all parties, with a “technology neutral” approach, thus acting as an enabler and not a barrier to innovation in Europe.

Related content: