EU reform proposals to include Data Protection Officers - the MoJ says 'nul point'
In line with previous statements on this issue the UK government has categorically stated that businesses should not be placed under any further commitment to appoint dedicated data protection officers that they would have had to under a new EU data protection framework.
Instead, businesses should only be encouraged to do so if they feel it helps comply with existing data protection laws.
Under the proposals, businesses with more than 250 staff, public bodies and organisations with “core activities” that “consist of processing operations which may require regular and systematic monitoring of data subjects” would be required to appoint a data protection officer.
Among other existing duties, these officers would be tasked with monitoring and advising a business on data protection issues generally and the implementation of the businesses policies.
In response the MoJ stated that the commission’s proposals were heavy handed and the decision to appoint data protection officers should in fact be based on the type of business and sensitivity of its data as opposed to size.
The Confederation of British Industry has also waded in on the argument – highlighting the cost and overall benefit to a business, in particular, given the need to encourage economic growth and avoid a further recession.
Ultimately the requirement to adhere to data protection laws and the design of processes to ensure compliance should be left to the business, or at least be based on the relevance of the enterprise and its data processing function – as is currently the case.
The EU Commission has yet to respond to the proposed amendment.
Data protection compliance is a complex and fast moving area of law. If this features as part of your business or your wish to learn more, we would be happy to discuss these issues and invite you to contact Ian Dawes on 01206 217314.