Fear and confusion escalates from government silence on data protection bill
Small UK business owners won’t have missed talk of General Data Protection Regulation (GDPR), but deepening uncertainty remains over how they will meet the demands of a new data protection bill in the absence of substantial government guidance.
On 8 August, the Department for Digital, Culture, Media & Sport (DDCMS) announced a new data protection bill to give consumers greater control of their online data. The bill, awaiting parliamentary scrutiny, puts the requirements of the EU’s GDPR into UK law and will be implemented on 25 May 2018.
Although Matthew Hancock, minister of state for digital, claimed both businesses and consumers would be protected, the bill was announced alongside non-compliance fines of up to 17m, or four per cent of annual turnover.
Ian Cass, chief executive of the Forum of Private Business (FPB), said Hancock’s comments gave small company owners no comfort whatsoever, due to uncertainty over obligations and fears of non-compliance.?
While Cass agreed with the principles of GDPR, he said: No one in power has thought about the small and micro businesses that make up 98 per cent of the UK’s 5.2m businesses.
Business Advice got in touch with Cass to find out how the lack of clarity has occurred and what the growing dangers are of a misinformed debate.
The first suggestion is a the absence of practical small business guidance from the Department for Business, Energy and Industrial Strategy (BEIS).
when you look for it, there is very little information out there. The obvious place for me to ask was BEIS saying there’s a huge piece of compliance coming in, do you have a simple guide that we can share with our members .
BEIS was unable to share anything in the way of a tailored framework for small firms, stating guidance would be delivered at a later date. Nobody seems to be saying what it means in simplistic forms, Cass added.
Another organisation, which asked for anonymity, told Business Advice it had received a draft guide to data sharing? circulated by BEIS, requesting feedback that would inform official guidance to be published once the new bill is introduced.
our current understanding is that the Data Protection Act 1998 (DPA) is due to be replaced from May 2018 under GDPR.?while we do not expect that substantial change to the guide will be required, we are circulating this guide as a draft for comment.our intention is to finalise the guide on replacement of the DPA.
Many business owners will be hoping to make the necessary preparations for the new data protection bill prior to its day of introduction.
Since GDPR came into effect in March, the Information Commissioner’s Office (ICO) the UK’s data protection authority has already demonstrated the consequences of breaching regulation.
Two high-profile data protection cases saw airline Flybe and car manufacturer Honda left with 70, 000 and 13, 000 fines respectively for breaking marketing email guidelines not an unrealistic scenario for a smaller company to find itself in. With the added scare factor of the headline threat of 17m non-compliance fines, business owners have become increasingly anxious.
bEIS is in danger of creating complete inertia (among small firms). Small business owners are terrified of doing something wrong, and the perception is we better not do anything until we find out, Cass warned.
With awareness low and fears mounting, the potential for so-called GDPR experts? to exploit the knowledge vacuum is emerging.
the hot thing at the moment is making money out of GDPR, withcompanies inviting small business owners to attend a conference, a workshop or a training session that costs 400, Cass revealed. But where is the government information on all of this
Praseeda Nair is the editorial director of Business Advice, and its sister publication for growing businesses, Real Business. She's an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.