Further to our recent article on the General Data Protection Regulation (GDPR), the Federation of Small Businesses (FSB) has launched a new campaign to raise awareness called ‘BeDataReady‘. The campaign has been launched in the wake of the FSB’s recent survey, which found that 90% of small businesses remain unprepared with just 65 days until the new regulations come into force.
The GDPR will be implemented into UK law by the Data Protection Act 2018 on the 25th May 2018, and replaces the Data Protection Act 1998.
The Federation Of Small Businesses (FSB) Survey
The FSB survey found that 90% of small businesses were unprepared for the GDPR, with only 8% having completed their preparations for it. 33% had made no preparations for GDPR whatsoever, whilst 35% were only in the early stages of their preparations. Furthermore, an astonishing 18% of small business owners had never ever heard of the GDPR, whilst 34% admitted to having little understanding of it. Only 13% confirmed that they had bothered to acquire a complete understanding of the new legislation, and of its implications for business.
The FSB has launched the new BeDataReady campaign to raise awareness of the GDPR, following the worrying results of their survey into how prepared small businesses are for the legislation.
The FSB’s National Chairman, Mike Cherry, explained that the “FSB is in a unique position to reach small businesses and so we’re going to step up efforts to help and support them get data ready, while continuing to make sure the Government implements the regulation in the fairest way for small firms. The GDPR is the biggest shake-up in data protection to date and many small businesses will be concerned that the changes will be too much to handle. It’s clear that a large part of the small business community is still unaware of the steps that they need to take to comply and may be left playing catch-up. With less than 100 days until the changes come into force, the attention now shifts to the Information Commissioner’s Office and whether it can effectively manage the demands of small businesses seeking advice and guidance. It is vital that smaller firms looking for this support, either by phone or the web, are able to get it easily. Non-compliance must initially be dealt with in a light touch manner instead of handing down tough penalties. There must be a willingness to play a supportive role in ensuring that small businesses can and are able to comply. The ICO will be critical to creating an environment which focuses on education and prevention and not punishment. Small businesses do understand the need for, and the benefits of, data protection regulations. However, many struggle with the cumulative burden of the regulations and the costs that compliance brings both in time and money. In the long-term, the Government must consider undertaking a regulatory review with the aim being to minimize the negative consequences of regulating data and maximizing as many of the benefits access to, and use of, data can bring for smaller businesses.”
In response, Elizabeth Denham, the Information Commissioner, stated: “I want to be clear that this law is not about fines; it’s about putting the consumer and citizen first, and rebalancing data relationships and trust between individuals and organisations. As regulator, we do have the power to impose larger fines under the GDPR, but we have access to lots of other tools that are well-suited to the task at hand, such as guiding, advising and educating organisations, and these are just as effective. The report tells us that many small and medium sized organisations are preparing for the new data protection laws but some still have to make a start. The ICO’s website offers a number of ways in which organisations of all sizes, and all sectors, can self-serve to get the help they need. We will study the survey findings carefully to see if we can improve the help we offer. We also know that many representative bodies and sector associations are also providing excellent GDPR advice and support for their members.”