According to a recent study, only a minority of small businesses are prepared for the introduction of new data protection regulations which come into force at the end of May.
The study, by the Federation of Small Businesses (FSB), found that a third of small firms (33 per cent) have not even started preparing for the introduction of the General Data Protection Regulation (GDPR) while just over a third (35 per cent) are only in the early stages of preparations. Only eight per cent have completed their preparations.
In addition, it found that concerns around the pressures associated with complying with data protection regulations are still widespread among the small business community. On average the FSB estimates that small firms will spend seven hours per month meeting their data protection obligations.
Perhaps not surprisingly, the federation has concluded that some small businesses will not be compliant ahead of the May deadline and is asking the Information Commissioner’s Office (ICO) to take a proportionate approach to enforcement and support firms towards compliance as opposed to resorting to fines.
For her part, the Information Commissioner has made clear that, although her office has the power to impose heavier fines under the GDPR than under the Data Protection Act, the point of the law is not to fine organisations but rather to protect consumers and citizens. The research also found, however, that of those small firms starting to prepare for the changes, just over half (52 per cent) say they will approach the ICO for advice.
The EU General Data Protection Regulation replaces the Data Protection Directive and is designed to harmonize data privacy laws across Europe. The key changes include increased territorial scope, increased penalties for breaches of the law and strengthening of the conditions for consent.
Gerard Airey of Thompsons Solicitors commented: “The evidence provided by the Federation of Small Businesses is concerning and is a wakeup call for small businesses that if they haven’t already done so, they need to begin to look to comply with the incoming GDPR as a matter of urgency.”
For more information on the key changes, go to:
Visit the EUGPR website for more information on the key changes.