New data protection legislation being discussed by Europe’s Justice and Home Affairs Ministers has the potential to place an undue financial burden on small firms, says the Federation of Small Businesses (FSB) and the British Bankers’ Association (BBA). Proposals under discussion would require small firms that hold details of 5,000 customers or more to employ a Data Protection Officer at an estimated cost of £64,000 per year, conduct a data protection impact assessment costing £11,200 per year and carry out a compliance review every two years. FSB research found that one in five (19%) of small firms already consider data protection to be the most burdensome regulation to comply with. The 1995 EU Data Protection Directive established a framework for data protection amongst EU Member States. However, since 1995, there have been numerous technological developments, notably the increased use of personal computers and handheld devices; the rapid expansion of the Internet; and the emergence of social media. The EU Commission believes that the law should be updated to reflect these changes and to provide more harmonisation across EU Member States. “These new rules have the potential to place real burdens on businesses across Europe,” said Irene Graham, Managing Director of Business Finance, BBA. “We would urge EU politicians to reconsider their approach to ensure small businesses are not unduly affected.”
Read more