One month until GDPR D-Day: SMEs demand leniency

BT builder 2The Federation of Small Businesses is calling for a “light touch” from the Information Commissioner’s Office towards implementation of GDPR for SMEs, after claiming that many are still struggling to get in shape for the new regulation.
The ICO has come under increasing pressure in recent months to concentrate its GDPR efforts among the UK’s small business community, despite setting up a dedicated hotline for SMEs back in November last year.
The ICO has also launched a radio campaign under the strapline: “Making data protection your business.” However, rather than direct business owners to the ICO hotline, the radio ads advise them to visit its website to use the self-assessment tool and read the eight-step guide to GDPR. It will be running across Absolute, Capital, LBC, and Radio X among others.
Commissioner Elizabeth Denham recently admitted that the hotline is getting about 500 calls a day from business owners, desperate for advice.
Even so, FSB chairman Mike Cherry said some smaller firms may not be compliant by May 25 and has called on the ICO to show “understanding” in its enforcement of the new laws.
He said: “As the GDPR deadline swiftly approaches, there is a real danger that many small businesses are yet to have adequately prepared for the changes. Fortunately, for these businesses, there is still time on the clock to start, or finish, their preparations.
“GDPR is the largest shake-up of data protection laws for years, and whether you are a personal trainer or a consultant, most businesses will have to implement changes to their current practices to make sure they are complying with the new rules.
“Given the extent and the breadth of the changes, it is clear that a majority of small businesses will not be fully compliant before May 25 and will most likely not be compliant when the changes hit.
“With this in mind, it is critical that the ICO manages non-compliance in a light touch manner with the focus being on education and support, not punishment.”
Earlier this week, The Sunday Times attracted much derision for running a GDPR scare story which claimed allotment holders could be severely affected by the overhaul, under the headline: “Allotments at risk from alien invader: EU data law.”
It quoted Laurie Callaway Brizi, of Kidbrooke Park Allotment Association in southeast London, who said: “I have no doubt GDPR is there to address those unscrupulous companies that sell customers’ data, but as a volunteer on a small allotment committee, it’s going to increase my admin significantly for minimal value.”
It went on to report that The National Allotment Society said it hopes the new rules will not be “too challenging” for its members, which rely on the goodwill of enthusiastic gardeners to run allotment committees.
In the comments section, one reader wrote: “This really is a non story. There is very clear guidance for small businesses and associations on the ICO website and the requirements are intended to be proportionate. The Information Commissioner was very clear last week that her prime targets are large (probably American) data processors and not allotment associations. Besides, there is very little the ICO can do to an organisation that has no assets or turnover.”

Related stories
One month until GDPR D-Day: brands still fear future
Denham confirms GDPR hotline gets 500 calls a day
ICO unveils GDPR radio ads to target micro-businesses
Small firms bombard GDPR hotline as panic spreads
ICO set to launch dedicated GDPR hotline for SMEs
Final GDPR consent guidance may not be out until April

Print Friendly