The European Commission wants to make some parts of the GDPR easier for businesses to follow. These changes mainly help small and medium-sized companies by cutting down on paperwork. It’s important to understand what’s changing — and what isn’t — especially if you work with personal data of people in the EU.
What’s Changing?
Currently, the GDPR exempts enterprises with fewer than 250 employees from the obligation to maintain detailed records of their data processing activities. The Commission is now proposing to extend this exemption to include “small mid-cap” companies with fewer than 750 employees. This is a significant move to help a wider range of businesses save time and costs related to compliance.
Even if your company qualifies as a small mid-cap company, the exemption does not apply if your data processing:
- is likely to result in a high risk to the rights and freedoms of individuals, or
- involves special categories of personal data, such as health data, racial or ethnic origin, political opinions, or religious beliefs.
In these cases, the obligation to maintain records of processing activities remains in effect.
What About the EU Representative Requirement?
The proposed changes do not alter the requirement for non-EU businesses to appoint an EU Representative under Article 27 of the GDPR. Non-EU entities that:
- offer goods or services to individuals in the EU, or
- monitor the behaviour of individuals located in the EU,
must continue to designate a representative established within the EU, regardless of their size or turnover.
What Does This Mean for Your Business?
Under the GDPR proposal, companies that meet the criteria for small mid-cap companies and do not engage in high-risk or sensitive data processing will benefit from reduced record-keeping obligations.
Non-EU companies must still appoint an EU Representative if they process personal data of EU residents, irrespective of their size. Failing to appoint an EU Representative when required can lead to enforcement actions and fines. This makes choosing the right EU Representative a critical step in GDPR compliance.