Organisations with more than 250 people may have to employ data protection officer… New reforms proposed by the European Commission will require organisations or companies with more than 250 employees to have a designated data protection officer in order to protect any personal information pertaining to staff and customers or clients of the particular organisation.
The Commission wants to introduce these new measures to ensure that larger organisations throughout Europe that process private and personal data details are held to account so that the information is maintained responsibly and in line with data protection protocols.
At the moment there are a variety of data protection laws and reporting requirements relating to differing aspects of the issue but the Commission wants to consolidate the process of legislating for data protection by replacing the current “patchwork” situation with a single clearly-defined set of laws for all 27 member states of the EU.
The vice-president of the Commission claims that the reform of the system will lead to savings of £2.3 billion per year as the changes are intended to remove a lot of uncertainty, bureaucracy and red tape from how data protection issues are managed.
She said: “Businesses are worried because they are faced with many varied, sometimes contradictory data protection requirements, due to different national laws, due to different ways the national data protection authorities apply these laws, and they are also confronted with a load of notification requirements.
“This leads to legal uncertainty, to legal fragmentation and it makes it difficult for companies, most of all those innovative start-ups … to do business in the European single market. This is a real extra cost, a real extra burden on our companies.”
The goal of the Commission is to decide upon a set framework or plan for data protection changes by the end of this year in consultation with the European Parliament and the European Council. Once this is achieved the reforms can be finalised and brought into law across Europe.
As well as calling for the mandatory employment of a data protection officer at larger organisations, other changes proposed by the Commission include an obligation for data controllers to inform the relevant authorities when breaches occur and greater facilities to enable individuals to control their own personal data and how it is displayed.