EU Governments Approve Negotiating Position on GDPR Tweaks

The EC proposals are part of the "Omnibus IV" legislative package that covers digitalization matters and support measures for small and medium enterprises (SMEs) and companies that have outgrown SME status and are classed as small mid-cap enterprises (SMCs), the Council said.

The proposals are intended to amend 20 pieces of EU product legislation on digitalization and common specifications, and to ease some reporting requirements, including under the GDPR, for SMCs, the Council said. They're part of a broader strategy to simplify EU rules.

The EC originally proposed the SMC category of companies as those with fewer than 750 employees and up to 150 million euros ($176 million) in revenue, the Council noted. Governments, however, raised those thresholds to businesses with fewer than 1,000 employees and an annual turnover of up to 200 million euros ($235 million).

The Council also extended the deadlines for adopting the measures into national law to 24 months, giving governments sufficient time to implement the amendments.

The Council said it will now launch negotiations "as soon as possible" with the European Parliament.

The EC briefed the European Parliament Civil Liberties, Justice and Home Affairs Committee this week on proposed GDPR amendments, IAPP European Operations Coordinator Laura Pliauskaite reported Wednesday.

EC officials told lawmakers record-keeping under the GDPR will only be needed for high-risk data processing, she wrote.

The bid to ease GDPR requirements won backing from the European Data Protection Board and European Data Protection Supervisor in July (see 2507090006). They cautioned, however, that the amended rules must not result in reduced protection for individuals.

The simplification package and GDPR tweaks are top priorities for Denmark, which currently holds the EU Presidency (see 2507010005).