Forum fears new Data Protection Bill could damage small businesses
The Forum of Private Business is calling on the government to form a working group to consider the impact on small businesses of the proposed GDPR legislation following the announcement of the bill to be discussed in parliament after the recess, as a lack of clarity on what small business can and cannot do in terms of data use will lead to inertia through fear of breaking the new rules.
The forum cites four main concerns, the first of which is that only larger businesses, with in-house compliance guidance or the budget to employ outside consultants, have paid any attention to what the implications of the legislation are.
Chief executive of the forum, Ian Cass, said: “Inadequate guidance has been given by the Information Commissioner’s Office to help small businesses, and there appear to be areas of the bill that are open to interpretation which do not give the clarity that small businesses need.”
The second concern is that while the focus of the legislation is towards protecting personal data, there appear to be material unintended consequences that could impact small businesses. Ian continued: “The main focus so far has been on how big business manages personal data, and inadequate attention has been given to how these changes may affect small businesses.”
Third, the way many small businesses operate in today’s world relies on electronic communication with existing and prospective customers. Many businesses rely on e-mail lists for their marketing, and the prospect of obtaining overt consent, and maintaining consent records, is one that many businesses will not be able to cope with.
Finally, small and micro businesses already face a disproportionate cost of complying with regulations when compared to big business. Ian added: “The potential for many of them now to have to employ or train staff to deal with compliance on data management or buy online data management tools will be a burden that some will not be able to accommodate, and the threat of the draconian fines that attach to breaches of GDPR will be sufficient to lead some businesses simply to close down.
“Many people will welcome tighter controls on who owns their personal data and how it is used, and as such the intent of the GDPR legislation is fine, but it appears that no-one in power has thought about the small and micro businesses that make up 98% of the UK’s 5.2 million businesses, account for more than half of the country’s employment and are the economic engine of the high street.
“There is the potential for this legislation to impact the way many of these businesses operate and market themselves, and even force them to close down. Matt Hancock’s comments in his press statement, reassuring that ‘businesses will be protected’, gives no comfort whatsoever while there is so much uncertainty about what will be allowed and what actions will be heavily fined.
“We are making an urgent call for the government to establish a dedicated working group, on which the forum would be pleased to play its part, to ensure that all MPs are fully briefed on the potential impact on their constituency businesses before they are required to vote.”