Emails seen by POLITICO earlier this month showed the proposal is expected to extend reporting exemptions currently reserved for SMEs (with fewer than 250 employees) to mid-cap companies (with fewer than 500 employees). It would also create more exemptions for these smaller businesses, freeing them from keeping records or preparing privacy impact assessments.
On Wednesday evening, negotiators will head into final crunch talks to agree on extra rules to speed up GDPR investigation procedures. The new rules aim to spur sluggish cross-border data protection probes, which can drag on for years and often involve Big Tech companies.
The goal is to set clearer ground rules for how national data protection regulators work together, clarify the rights of complainants and those being investigated during the process, and, crucially, set concrete deadlines for investigations.
According to four people familiar with the negotiations, most of the text has already been agreed, and the main things left to be hammered out on Wednesday evening are the length of deadlines and judicial remedies.
The EU is unlikely to stop there in its efforts to trim its famed privacy law.
When consulting companies and experts about Wednesday’s proposal, the Commission said there could be “possible future reflection on the application of the GDPR.”