In this press release the ECON, ENVI and LIBE committees of the European Parliament announce lighter GDPR rules for small mid-cap companies:

Lighter record-keeping obligations for data protection purposes
Under the new law, current SME exemptions from record-keeping obligations under the General Data Protection Regulation (GDPR) would be extended to SMCs when processing data that is not considered high-risk for the subject’s rights. The exemption will not apply to processing sensitive data including biometrics and data on ethnic origin, political opinions, religion, health, or criminal convictions. (…)

The two acts voted today form part of the fourth Omnibus package on simplification proposed by the European Commission in May 2025.