5.5m SMEs urged to check data protection practices

ico_exterior2The Information Commissioner’s Office is urging the UK’s 5.5 million small-and-medium-sized businesses (SMEs) to check they have the right data protection practices in place to help sustain and develop their businesses.

In a blog post, ahead of this Saturday’s Data Protection Day, the UK regulator says getting good data practices in place from the start will save business owners time and money, and boost customer confidence.

It cites a recent survey, commissioned by the ICO, showed 91% of people worried about having their personal information sold to other companies without their consent, and 87% worried about a company losing their personal information.

The blog maintains that data protection law sets out what businesses should do to make sure they are looking after people’s personal information properly and fairly.

In addition to the legal requirement, good data protection makes economic sense, the ICO insists, saving business owners time and money, and showing customers their information is being treated correctly. The ICO is also flagging up its suite of free resources, providing advice and guidance on its dedicated SME hub.

ICO chief operating officer Paul Arnold said: “As we head into a new year, and a tough year for many small businesses, we want to help business owners work confidently and responsibly with the personal information they hold. It can be an incredibly valuable asset when held and processed responsibly and can enable hard-working business owners to develop their business, whilst instilling a real sense of confidence in their customers.

“Generally speaking, data protection law applies to all workplaces, business ventures, enterprises, societies, groups and clubs. That includes sole traders, the self-employed and company owners and directors. We live in a data-driven world and if used in the right way, data can really help a business achieve greater success.

“Data protection compliance is not a barrier to business success and the ICO is here to help. For example, we want to empower businesses and organisations to ensure their email marketing databases are working as hard as possible to reach the right customers, lawfully, every time.”

The ICO’s advice for businesses comes as the regulator completes a pilot programme with up to 60 SMEs from across the UK, in which they have been trialling a new training and development programme. Named SME Data Essentials, it is aimed at empowering organisations to become better equipped to manage their own data compliance.

The pilot forms part of ICO25, the ICO’s three-year strategic plan which details how the the regulator will bring down the cost of compliance while enabling and supporting SMEs to invest, innovate and grow.

The ICO has a dedicated SME hub for sole traders, SMEs, charities, clubs and organisations who have queries about data protection, electronic marketing and freedom of information.

Despite there being more than 5.5 million UK firms, the ICO’s data protection register currently holds just over 1 million companies and sole traders. Between May 2021 and January 2022, it issued 126 monetary penalties to organisations that have not paid the data protection fee. Fines range from £400 to £4,000.

Related stories
ICO opens DM advice hub but no sign of new DM Code
Firm set up for £1 hit by £220k fine for million TPS calls
Four PECR wreckers whacked with fines of £370,000
Three more fingered as ICO stays focused on rogues
Will tougher fines bring victory in nuisance call war?