The regulation is changing – GDPR strictness is being relaxed
The European Commission is planning to ease the GDPR for companies with fewer than 750 employees, recognising that the current regulation places a disproportionate burden on smaller businesses. Under the proposal, these companies would in principle be exempt from the obligation to keep records of personal data, unless their activities pose a high risk to the data subjects. The aim of the relaxation is to reduce administrative burdens and increase competitiveness – the new regulation is reviewed by Iván Bartal, Partner at Oppenheim Law Firm.
Before the adoption of the General Data Protection Regulation (GDPR), there was already talk of introducing lighter and easier-to-fulfill rules for small businesses. In the end, the adopted legislation essentially included only one such exception, which stipulated that companies with fewer than 250 employees would not have to keep records of the data they process. However, since this exception was only applicable under certain conditions, this solution did not have the desired effect and did not significantly alleviate the situation of small businesses, and all this ultimately resulted in a small limited partnership essentially having to comply with the same rules as a global media company, says Iván Bartal, partner at Oppenheim Law Firm.
Change may come for companies with fewer than 750 employees
The good news in this regard is that the European Commission, based on its latest annual report on SMEs, recognized that the complexity of EU legislation makes it difficult for such businesses to enter the market, limits growth opportunities and can result in unreasonably high compliance costs. The Commission has therefore recently set itself the goal of simplifying a number of pieces of legislation, thereby reducing bureaucracy and proportionally reducing certain obligations for smaller market players.
This would include easing some of the GDPR rules and establishing substantive exceptions for smaller companies. According to the Commission’s plan, companies with fewer than 750 employees would not, in principle, be required to keep records of the personal data they process, unless the activities they carry out are likely to pose a high risk to the data subjects (employees, customers), but even then the record-keeping obligation would only apply to these activities.
In practice, this would mean that employers below the above number would be exempted from an important and burdensome obligation to keep records up-to-date, and would only have to comply with this if they carry out certain activities that seriously affect the privacy of the data subjects. This may include, for example, monitoring employee activities, building a profile of purchasing or other habits (profiling), processing biometric or genetic data, processing location data, camera surveillance, and using new technologies (e.g. artificial intelligence) when processing customer or employee data, for example in recruitment, workplace performance evaluation, or analyzing customer purchasing habits.
Related news
The deadline for the SME competition with a total prize of HUF 15 million has been extended
The Generali Group has announced the EnterPRIZE international program, which…
Read more >Poultry prices have increased slightly
According to AKI slaughter statistics, 228.4 thousand tons (live weight)…
Read more >Domestic companies are maneuvering amid increasing tensions
The average inflation in the euro area is around 2.5%,…
Read more >Related news
Brand tuning for 2025 – the kind of communication that is expected today
According to the VML Future 100 report, 2025 is no…
Read more >Position statement of the Hungarian Shopping Centers Association regarding the amendment to the regulation on commercial real estate
The draft amendment to Government Decree No. 143/2018 (VIII. 13.),…
Read more >Movement around the mall stop: the regulation regulating the retail real estate market may be amended
A draft amendment has been published for Hungary’s Government Decree…
Read more >