Impact of European Data Protection Reform on small and medium sized enterprises in Spain

The current EU Data Protection Directive applies to all European companies, regardless of their size. The EU Data Protection Reform aims to stimulate economic growth by reducing expenses and excessive regulation for small and medium enterprises (“SMEs”).

To facilitate small and medium companies breaking into new markets, the European Commission has proposed to exempt SMEs from several provisions of the draft EU Data Protection Regulation.

Under the draft EU Data Protection Regulation, SMEs would benefit from four reductions in bureaucratic procedure:

  • SMEs would no longer have to appoint a data protection officer where data processing is not the SME’s main business activity
  • If adopted, the Reform would eliminate the existing duty of notification to supervisory authorities
  • In cases of excessive or repetitive requests to access data, SMEs would have the right to charge a fee for providing data
  • As long as no specific risk exists, SMEs would not have to implement an impact assessment

Currently, where data-processing activities are a subject to a separate set of rules in every country, the cost of adapting a business model to enter a new market may be a significant obstacle.  The changes listed above would facilitate cross-border trade and help SMEs in Spain to expand their activities outside the country.

Marta Stefanowicz & Nicolás Melchior

This article is not considered as legal advice

Nicolás Melchior

A Law graduate from the Universidad Carlo III de Madrid, Nicolás Melchior specialises in corporate Law, commercial contracts and electronic commerce. Working languages: Spanish, German, English and French. For any further enquiries please Contact us