The appointment of a data protection officer in companies should be optional, the Council of the European Union stated. This is one of the Council’s recommendations regarding the European Commission’s draft regulation. Justice Ministers held an orientation debate on the proposal for a regulation setting out a general EU framework for data protection.
Chris Grayling, British Secretary of State for Justice, warned for the (financial) cost of a mandatory data protection officer, as proposed in the Commission’s proposal. “There is a real danger in making it mandatory, especially for SMEs. It would cost up to €200 million for the UK alone.”
The data protection package will be in all probability a combination of a Regulation (directly applicable in member states) and a Directive. Some countries such as the UK, Belgium and Denmark are still pushing though for a Directive only.
The Presidency concluded that at technical level, the work should continue along 5 lines. The most important one is the data protection officer that should be optional and not obligatory. The Irish Presidency still hopes to reach a political agreement before the end of its term (end of June).
For more information, have a look at the Council’s provisional press release.