EU Data Protection Package: is it a good deal for SMEs?

Representatives of the EU institutions announced on Tuesday 15 December 2015 that the Member States, the European Parliament and the Commission reached a “strong compromise” on the data protection package. The package is composed of two draft laws – a regulation and a directive. These laws aim to ensure a high level of data protection across the EU. While the agreed text may look good for consumers, there are serious doubts that it will create the right conditions for Europe’s digital sector to thrive and especially for European digital SMEs to become global leaders.

The members of PIN-SME, the European association of digital SMEs, have mixed feelings on the deal reached by the institutions. „We are glad that in the future there will be a uniform regulation that applies equally to all competitors in the market” explains Dr. Oliver Grün, President of PIN-SME. “This is an essential step for the establishment of a Digitial Single market.“ However, he adds “When we look at the details of the law, there are several issues could have been addressed in a better way. The package introduces several new obligations on reporting, approval or documentation that impose heavy demands on the ICT economy. Especially, Small and Medium sized Enterprises (SMEs) are disproportionally affected by such new requirements compared to larger undertakings. We are afraid that for many European SMEs that develop Big Data applications and services the administrative framework will be too complex and, thus, will generate great legal uncertainty.

The agreed text of the EU regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) is available here.