The national body responsible for consumer data privacy has announced a dedicated telephone service to help small and micro business owners prepare for incoming changes to data protection laws.
As of 25 May 2018, UK businesses that hold consumer data will be required to comply with General Data Protection Regulation (GDPR). However, research has consistently found that small business owners largely remain in the dark over the implications of the EU-led directive. A recent study even suggested as many as nine in ten UK firms were not sufficiently prepared for full compliance, despite significant financial penalties for GDPR breaches.
To help Britain’s smallest firms get their house in order, the Information Commissioner’s Office (ICO) has confirmed that its GDPR helpline will go live on November 1 2017. GDPR support will be available via the ICO’s existing helpline.
Commenting on the additional support being made available to business owners, information commissioner Elizabeth Denham said the different level resources available at smaller companies put them at most risk from breaching new laws.
“When it comes to data protection, surveys show they tend to be less well prepared,” Denham said.
“We know that most businesses want to get things right but often struggle to find the key steps to get started. They also have less time and money to invest in getting it right. They may not have compliance teams or data protection officers or access to legal advice.”
The GDPR laws are designed to create greater transparency around how companies collect and use personal information, and make businesses more accountable to consumers. However, the rules remain the same for companies of every size.
Denham added: “The businesses may be small but they still hold important personal information and the need to gain the trust of their customers is just as real.”
The helpline will be welcomed by the small business community, from where questions have been asked regarding the level of government assistance to smaller companies.
Following the announcement of the government’s new data protection bill in August – which will incorporate GDPR into UK law – Ian Cass, chief executive of the Forum for Private Business (FPB), told Business Advice that the Department for Business, Energy and Industrial Strategy (BEIS) had so far failed to inform small business owners of their new responsibilities ahead of the bill’s introduction in May 2018.
“Nobody seems to be saying what it means in simplistic forms,” Cass told us.
“BEIS is in danger of creating complete inertia (among small firms). Small business owners are terrified of doing something wrong, and the perception is ‘we better not do anything until we find out’.”
Cass warned that without effective help on offer, so-called “GDPR experts” threatened to exploit the knowledge vaccum among small firms and charge for their services.
The GDPR helpline marks the ICO’s first significant step to reach out to firms directly, and it announced other measures to help prepare small business owners for new regulations.
It has plans to simplify its “12 steps to take now” graphic to offer specific guidelines to smaller companies, and will help business owners identify the gaps in their preparations by including a GDPR checklist into its existing SME toolkit.
Sign up to our newsletter to get the latest from Business Advice.