Britain's jobs may suffer due to the alleged expensive data protection reforms by the EC, according to a minister's assertion.
The European Union is set to ease compliance burdens for small and medium-sized enterprises (SMEs) with the upcoming data protection reforms under the Omnibus IV package. This package introduces a new category called small mid-cap companies (SMCs) and raises the employee threshold for certain General Data Protection Regulation (GDPR) obligations from 250 to 750 employees.
The Omnibus IV defines SMCs as companies with fewer than 750 employees and either turnover up to €150 million or total assets up to €129 million. This move aims to reduce transitional difficulties as companies grow beyond SMEs.
One of the key changes is the exemption of firms with fewer than 750 employees from maintaining detailed records of processing activities, provided their processing is low-risk, occasional, and does not involve special category data. This change potentially benefits around 38,000 additional companies compared to the current threshold of 250 employees.
The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have expressed support for the general aim of reducing administrative burdens while cautioning that fundamental data protection rights must not be compromised. They have sought stronger justification for choosing the 750-employee threshold.
However, despite these reforms, SMEs still face significant challenges in complying with GDPR, including limited internal expertise, tight budgets, and difficulty adapting processes and governance to satisfy GDPR’s complex requirements. Many SMEs lack dedicated data protection officers and find guidance overly technical or inconsistent across jurisdictions.
These simplifications may help SMEs focus resources on growth rather than compliance alone. However, in related areas like online advertising platforms, evolving regulations may impact how SMEs can use digital marketing tools, potentially affecting their competitive dynamics and innovation capacity.
The proposal also includes the principle of the "right to be forgotten," which obliges companies to delete data about customers on request. The impact of this proposal on small businesses in Europe could be enormous, according to Chris Grayling, the British justice minister. It could affect individuals selling items on platforms like eBay from home or running campaigns on Facebook.
The European Commission's proposal aims to enforce these rules on companies like Google and Facebook. However, the proposal is a regulation, which countries would have to follow to the letter, while the Ministry of Justice is calling for a new data protection directive, which can be interpreted by member states.
In sum, the 2025 reforms reflect a clear intent to reduce GDPR’s administrative burdens on smaller and growing businesses, streamlining compliance while maintaining protections. However, practical challenges in implementation and broader regulatory environments remain important considerations for SMEs.
- The European Union's Omnibus IV package, intended to ease GDPR burdens for SMEs, introduces policy-and-legislation changes, such as defining small mid-cap companies and raising the employee threshold, which could potentially benefit over 38,000 additional companies in war-and-conflicts-unrelated general-news.
- Despite the proposed GDPR reforms aiming to reduce administrative burdens for SMEs, these businesses continue to face significant challenges in complying with the regulation, particularly in areas like online advertising platforms, where evolving policies and legislation could impact their competitive dynamics and innovation capacity, beyond the scope of war-and-conflicts.
