Ceemet welcomes the aim of the General Data Protection Regulation (GDPR) initiative to uniform rules on data protection throughout Europe, in order to ensure a high degree of data protection for individuals and overcome barriers to the movement of personal data. However, the overly detailed employer obligations will create more administrative burden and compliance costs for companies without a proportionate privacy benefit.

As far as the European Metal, Engineering and Technology-based industries are concerned, the following points are essential in designing an EU data protection regulation:

• Collective agreements must be preserved as a regulatory instrument;
• Consent must remain the basis for permission;
• Data protection within groups of companies should be eased;
• Red tape should be limited to what is necessary for an employment relationship with a special focus on SMEs;
• Sanctions must be balanced.