With new data protection laws set to come into place next month (25 May), many small businesses face an uphill challenge to ensure they are compliant.
It comes in light of research by the Federation of Small Businesses (FSB) in February which found that around two thirds (68%) of small businesses had either not started or were only in the initial stages of GDPR preparation.
FSB is warning that many small firms may not be compliant ahead of the May deadline and is calling on the Information Commissioners’ Office (ICO) to take an understanding approach to enforcement ensuring that small businesses have time to get GDPR ready.
FSB National Chairman, Mike Cherry, said: “As the GDPR deadline swiftly approaches, there is a real danger that many small businesses are yet to have adequately prepared for the changes. Fortunately, for these businesses, there is still time on the clock to start, or finish, their preparations.
“The GDPR is the largest shakeup of data protection laws for years, and whether you are a personal trainer or a consultant, most businesses will have to implement changes to their current practices to make sure they are complying with the new rules.
“Given the extent and the breadth of the changes, it is clear that a majority of small businesses will not be fully compliant before May 25 and will most likely not be compliant when the changes hit. With this in mind, it is critical that the ICO manages non-compliance in a light touch manner with the focus being on education and support, not punishment.”
For many of those small firms starting to prepare for the changes, the ICO now have a vital role to play in getting them prepared – FSB research highlights that just over half (52%) say they will approach the ICO for advice.
Responding to these findings, Mike Cherry voiced his concerns about the ability and readiness of the ICO to manage the high volume of traffic expected to come its way.
Mike Cherry, said: “As we move closer to the 25th May, we can expect a rush of smaller businesses approaching the ICO for support and advice. When this hits, all eyes will be on the ICO and whether or not they have the ability and resources to effectively deal with these enquiries. We cannot have a situation where businesses are taking time out of their busy day to get GDPR compliant and are left hanging on the line.”
The new data protection regulations will overhaul the way that businesses collect, handle and store personal data. The changes come into force on 25 May across the EU.
Notes to editor
1) Guidance for small businesses from the Information Commissioner’s Office
2) #FSBeDataReady campaign from the FSB