Procurement · 25 May 2018

GDPR watchdog tells small businesses: “We are not looking for perfection”

ICO officers raided Cambridge Analytica offices in March 2018
The UK’s information commissioner has spoken to small business owners on the day of GDPR’s introduction to hint that the watchdog will focus on bigger players over high street employers.

Tough new data protection laws, through the EU-led GDPR directive, have today arrived after months of fraught anticipation, unanswered questions and consent request emails.

With top-line non-compliance fines threatening companies with fines up to 17m (or 4% of annual turnover, whichever is higher), business owners up and down the country have been scrambling to get their house in order and encourage their customers to opt-in to continued communications.

Even upon the eve of GDPR, many felt ill-equipped. Almost half of UK business owners anticipated a non-compliance fine, a recent survey found.

Since Business Advice spoke to the Forum of Private Business? (FPB) director, Ian Cass, in the summer of 2017, its been clear that micro firms and sole traders have felt uninformedand unprepared for GDPR. There are far more questions than answers at the moment, Cass told us back then a feeling that may still resonate with many entrepreneurs.

GDPR support for small firms
? ICO helpline
? Guide to the GDPR
? GDPR checklist
? 12 steps to prepare now

However, the UK’s information commissioner, Elizabeth Denham, has now appealed to these fears with words of reassurance for small business owners on the day of GDPR’s legal enforcement.

Speaking to BBC Radio 4’s Today show, Denham said the ICO would only target persistent offenders, and suggested that efforts made towards compliance would see small firms treated proportionately by the regulator.

today is not a deadline. What were looking for is commitment to move forward to their new obligations. We are not looking for perfection. it’s nonsense to think the regulator is going to be making early examples of small businesses by levying large fines, ” she told Today presenter Mishal Husain.

Denham did put to bed claims that the ICO may offer businesses a “grace period”, but said smaller employers could continue to trade as normal.

“The focus of our enforcement is not going to be the high street butchers, or the gardening business, and many of these organisations that are not data intensive are not going to be affected by this new law, ” she explained.



Could your company detect a data breach before the GDPR hourglass empties?

Once a data breach is detected, you only have 72 hours to inform regulatory authorities, and they’re going to want to know all the who, what, when and where? details about the exposed data.




Praseeda Nair is an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.

Business Advice