This comes despite claims on Thursday that “most member states are still not ready for the GDPR.”
Business groups have complained that there is a “lot of uncertainty on the interpretation of the new regulation.”
Scores of companies across Europe are currently desperately scrambling to ensure that they comply with the GDPR by the time it comes into effect on 25 May. Failure to do so could result in hefty fines being imposed by the EU.
The changes, in essence, mean that private citizens will need to provide their continued permission in order for companies to continue sending items such as newsletters and information about their services.
In a bid to assist companies and others with the task of putting the regulation into practice, the European Commission is now being asked “not to immediately impose fines” on SMEs during the first year of application.
A letter to the Commission from the body representing SMEs and the business community at EU level insisted, “One cannot expect that SMEs be fully compliant with this extremely complicated legislation right from the start.”
However, on Thursday, Greens/EFA group MEP Jan Albrecht who was parliament’s rapporteur on the GDPR legislation, moved to make a robust defence of it.
In an exclusive interview, he said, “With the GDPR the EU is setting the global standard for the protection of personal data and making sure that the already existing rules on privacy and data protection are finally respected and enforced.”
This also applies, he said, to “large internet companies from outside of the EU.”
The MEP, a Vice-Chair of the committee on civil liberties, justice and home affairs, said GDPR will mean better protection of personal data, tough sanctions for infringements, and reduced bureaucracy.
Abuse of data, as in the case of Facebook and Cambridge Analytica, will cost companies up to four per cent of global annual turnover, he pointed out. Uniform EU-wide standards will apply to all companies, regardless of whether they are based in the European Union or in Silicon Valley.
When asked if he had any concerns about any possible difficulties in implementing the new regulation by the time it comes into effect later this month, he admitted, “There is a lot of unjustified worry and even panic being distributed, especially by those who would like to earn money (by creating uncertainty).”
He added, “In fact, the rules on data protection don’t really change anything substantially.”
In an attempt to offer reassurance, he added, “Those companies and other data processors who follow the rules in the EU today will not have any difficulties under the GDPR.”
However, in a letter to Věra Jourová, European justice, consumers and gender equality Commissioner, three Brussels-based organisations, UEAPME, which represents SMEs, EUROCHAMBRES, the business organisation, and HOTREC, the umbrella association of hotels, restaurants, pubs and cafes and similar establishments in Europe, called for “support and advice for small businesses” on the issue.
They want the Commission to recommend to member states and national data protection authorities not to immediately impose fines on SMEs during the first year of the application of GDPR.
All three organisations also stress that they “fully support the fundamental rights” of EU citizens for the protection of personal data.
UEAPME President Ulrike Rabmer-Koller said, “Entrepreneurs care about their privacy and the privacy of others. That is why our member organisations at national, regional and sectoral level have provided a lot of information and advice during the two-year transition period to ensure compliance with the rules”.
“We support the idea of a unified rule of law, but one cannot expect that SMEs be fully compliant with this extremely complicated legislation right from the start if those responsible for enforcement do not agree on its interpretation,” added Rabmer-Koller.
“This is not about undermining EU legislation, but it is proven good practice of most of the law enforcement authorities.”
HOTREC President Susanne Kraus-Winkler added, “Micro-enterprises and SMEs are working hard to try to understand how they should implement the regulation properly. Nevertheless, at present stage, there is no legal certainty.”
She said, “This means, despite being a regulation, that the legislation might be interpreted differently at national level by member states. In order to avoid unfair practices, a period of grace of one year seems a reasonable approach.”
Further comment came from EUROCHAMBRES President Christoph Leitl who said, “GDPR is a highly complex and important piece of EU legislation. It is also pioneering in several respects, so the eyes of the world are on the EU. This is another reason why it is crucial that we get it right, not just in terms of the legal text, but also in the way in which it is implemented and enforced.
“Our suggestions seem only reasonable given the delays in many member states.”
Speaking in Brussels recently, the EU data protection supervisor (EDPS), Giovanni Buttarelli, said, “It is now more important than ever that complementary rules on ePrivacy and data protection in the EU institutions are finalised as soon as possible.”
The Italian added, “The EDPS also continues to play an important role in the international debate on data protection and privacy and has contributed to discussions on the privacy shield.”
He stressed the need to “find a balance between security and privacy” in the processing of personal data by law enforcement authorities in the fight against terrorism.”
He said that in his role “he aims to ensure that the EU sets an example of how this balance can be achieved.”