In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. The objective of this new set of rules is to return control of personal data to citizens, and to simplify the regulatory environment for businesses. The reform consists of a draft Regulation setting out a general EU framework for data protection (the General Data Protection Regulation). The aim of the proposed Regulation is to update and modernise the principles enshrined in existing data protection law.
A draft Directive has also been tabled. The Directive’s objective is to protect personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (the ‘Police’ Directive).
Progress Of The Reform
The European Commission is pushing for a complete agreement between Council and European Parliament on this data protection reform before the end of this year.
Main Benefits Of The General Data Protection Regulation For Businesses
Data is the currency of today's digital economy. Collected, analysed and moved across the globe, personal data has acquired enormous economic significance. According to some estimates, the value of European citizens' personal data has the potential to grow to nearly €1 trillion annually by 2020. This data protection reform aims to facilitate the digital single market in realising this potential, notably through four main innovations:
- One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year.
- One-stop-shop: The Regulation will establish a 'one-stop-shop' for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU. It will also make it easier, swifter and more efficient for citizens to get their personal data protected.
- Same rules for all companies doing business in the EU, regardless of where they are established: Today, EU companies have to adhere to stricter standards than companies that are established outside the EU but also do business within the EU. With the reform, companies based outside the EU will be subject to the same rules.
- Stronger enforcement powers: Data protection authorities will be able to fine companies that do not comply with EU data protection rules up to 2% of their global annual turnover. The European Parliament has even proposed to raise the possible sanctions to 5%. Privacy-friendly European companies will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive.
SMEs & The New Data Protection Regulation
The Commission has proposed to exempt SMEs from several provisions of the Data Protection Regulation, including the obligation to appoint data protection officers and carry out impact assessments.
A flexible approach will be taken and the obligations of data controllers and processors are to be calibrated to the size of the business and the nature of the data being processed. For example, SMEs will not be fined for a first and non-intentional breach of the rules.
Benefits For Citizens
If citizens do not trust e-services, they will never use them. Confidence is paramount. The data protection reform will strengthen citizens’ rights and help restore trust and confidence in the digital system. The new rules will put citizens back in control of their data, notably through the right to be forgotten, the right to data portability and the right to be informed of personal data breaches, in addition to the principle of privacy by default.