zlacker

[parent] [thread] 2 comments
1. nabla9+(OP)[view] [source] 2018-05-18 10:54:43
In the GDPR draft it was "250 employees or with 5000 records." but 5000 records was dropped.

Now it says:

http://data.consilium.europa.eu/doc/document/ST-5419-2016-IN...

>The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.

Basically small firm that is just holding minimum amount of customer/user information and data and where the business model is not centered around profiling and processing user data.

replies(1): >>cbg0+j
2. cbg0+j[view] [source] 2018-05-18 11:00:09
>>nabla9+(OP)
The piece of text you're quoting is referring to obligations of keeping "Records of processing activities", and is not the definition of large scale, which is undefined in the GDPR.
replies(1): >>nabla9+L2
◧◩
3. nabla9+L2[view] [source] [discussion] 2018-05-18 11:35:31
>>cbg0+j
GDPR is referring to the EU recommendation Article 2 of the Annex to Commission Recommendation 2003/ 361/EC. That's where the number 250 originates from.

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2...

>Staff headcount and financial ceilings determining enterprise categories

> 1. The category of micro, small and medium-sized enterprises (SMEs) is made up of enterprises which employ fewer than 250 persons and which have an annual turnover not exceeding EUR 50 million, and/or an annual balance sheet total not exceeding EUR 43 million.

[go to top]