Express & Star

Small firms still unprepared as GDPR comes into force, business group warns

The Federation for Small Businesses has urged regulators be patient as firms try to comply with the General Data Protection Regulation.

Published
The ICO reported on Thursday sections of its website were struggling with demand from users with GDPR-related queries (Dominic Lipinski/PA)

Many small companies in the UK are still unprepared for the EU’s new data laws, the Federation of Small Businesses (FSB) has warned on the day the regulations come into force.

The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.

But the national chairman of the FSB Mike Cherry warned many smaller firms were still working on their compliance with the new laws.

“GDPR is here and the likelihood is that many of the UK’s 5.7 million smaller businesses will not be compliant,” he said, adding the Information Commissioner’s Office (ICO) needed to show understanding in its enforcement of the regulation.

He said: “It is concerning that the burden and scale of the reforms have proven too much to handle for some of these businesses and there is now a real need for support among the small business community.

“It is imperative that the ICO initially deals with non-compliance in a light touch manner as opposed to slapping small firms with fines.

“Small businesses must see the ICO as a safe space where they can go for advice and help in making the changes necessary to be compliant.”

The ICO has reassured firms it will not rush to levy large fines the moment GDPR comes into force, with Information Commissioner Elizabeth Dunham writing this week that “although the ICO will be able to impose much larger fines – this law is not about fines. It’s about putting the consumer and citizen first”.

Mr Cherry said he welcomed the ICO’s approach but warned: “The acid test will be whether good intentions are translated into actual practice on the ground”.

“Fines and sanctions will only deter businesses, while education and support will ensure compliance across the sector.”

As the new regulation came into force, the ICO reported on Thursday that sections of its website were struggling with demand from users visiting with GDPR-related queries.

“We are experiencing unprecedented demand for our payment services as we approach the introduction of the GDPR, which is causing our online service to run more slowly than usual,” the regulator said in a tweet.

“You may contact us at a later date if you experience any delays using our online payment services.”

Sorry, we are not accepting comments on this article.