Non-compliance fines

Since GDPR came into effect in March, the Information Commissioner's Office (ICO) – the UK's data protection authority – has already demonstrated the consequences of breaching regulation. Two high-profile data protection cases saw airline Flybe and car manufacturer Honda left with £70,000 and £13,000 fines respectively for breaking marketing email guidelines – not an unrealistic scenario for a smaller company to find itself in. With the added scare factor of the headline threat of £17m non-compliance fines, business owners have become increasingly anxious.

"BEIS is in danger of creating complete inertia (among small firms). Small business owners are terrified of doing something wrong, and the perception is 'we better not do anything until we find out'," Cass warned.

With awareness low and fears mounting, the potential for so-called "GDPR experts" to exploit the knowledge vacuum is emerging.

"The hot thing at the moment is making money out of GDPR, with companies inviting small business owners to attend a conference, a workshop or a training session that costs £400," Cass revealed. "But where is the government information on all of this?"
Four concerns

Cass echoed the four central concerns of new data protection rules recently articulated by the FPB. Firstly, the implications of legislation have only reached large businesses with the resources to employ consultants, while the bill's impact on small companies is yet to be clarified. Secondly, the bill only seeks to change the way big businesses handle consumer data, ignoring how changes would affect small firms. Thirdly, the FPB raised concerns that obtaining overt consent from prospective customers is unrealistic for small business owners dependent on email marketing lists in a world of electronic communication. Finally, it claimed small and micro businesses already faced "disproportionate" costs in regulation compliance. With added pressures to train staff or purchase new tools, companies could face cash flow problems.

As proposed by the FPB, Cass emphasised the importance of an open dialogue between small business and government via a working group.

"There's nothing to stop government getting a group of small business people and trade associations into a room to talk this through and pull something tangible together, but there doesn't seem to be any sign of doing that. That would be the quickest and easiest solution to get some answers in place.

"The government doesn't seem very eager to engage directly with small businesses and I think that's exactly what they should be doing."

Cass also questioned the commitment to the bill once Britain left the EU. Would the data protection bill in its current form represent long-term legislation or would it be replaced?

"There are far more questions than answers at the moment," he added.