Brussels’ plans to force companies heavily involved in processing personal data to hire dedicated data protection officers – at a cost of tens of millions of pounds to the industry – must be scrapped, says the Ministry of Justice.
The EU proposal – laid out in the draft Data Protection Regulation – essentially means that most businesses involved in direct, data and digital marketing would be forced to recruit a DPO; a role which some claim could command a salary of up £60,000 a year.
At the moment, any firm processing personal data need only have a data controller, whose data responsibilities are normally just part of their role. They must also be registered with the Information Commissioner’s Office – for the vast majority of firms this costs just £35 a year; for those with a turnover of more than £25.9m, the fee is £500.
Although the MoJ has previously complained about the cost burden, the latest demand comes in a response the Justice Select Committee report into the Commission’s proposals.
“The Government does not believe that the requirement to have a data protection officer (DPO) is necessary… and we believe there are other means of achieving the accountability principle,” the MoJ said in the document. “Under the risk-based model that the UK Government is proposing, data controllers would be encouraged to appoint data protection officers if they were felt necessary to ensure compliance with the proposed Regulation.”
Under the original proposals, business with more than 250 permanent staff, with core activities that “consist of processing operations which require regular and systematic monitoring of data subjects” would be required to appoint a DPO.
However, MEP Jan-Phillip Albrecht’s recent proposed amendments claim the size of firms should not be a criterion for determining whether they have to appoint a DPO or not. He proposed that businesses that process the personal data of more than 500 people in a year should be obliged to appoint DPOs.
The officers will be responsible for advising the organisations on data protection issues, monitoring the implementation of their data protection policies and adherence with the law and be the point of contact for regulators.
Related stories
EU data laws ‘just got a lot worse’
Germans seek tougher EU data laws
DMA rallies team for £47bn fight
DM industry grows 7% to £15bn
New EU data laws ‘to cost millions’
