GDPR latest: Much of the UK unready for wide-ranging new data protection laws
Companies can be hit with huge fines if they don't comply with new rules
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Much of the UK still isn’t ready for the huge changes brought by the EU’s new data laws, according to the Federation of Small Businesses (FSB).
The new rules have just got into effect and have wide-ranging impacts on how information about people can be stored and used. But many small companies are not at all ready, despite the threat of significant fines and punishment if they fail to comply.
The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.
But the national chairman of the FSB Mike Cherry warned many smaller firms were still working on their compliance with the new laws.
“GDPR is here and the likelihood is that many of the UK’s 5.7 million smaller businesses will not be compliant,” he said, adding the Information Commissioner’s Office (ICO) needed to show understanding in its enforcement of the regulation.
He said: “It is concerning that the burden and scale of the reforms have proven too much to handle for some of these businesses and there is now a real need for support among the small business community.
“It is imperative that the ICO initially deals with non-compliance in a light touch manner as opposed to slapping small firms with fines.
“Small businesses must see the ICO as a safe space where they can go for advice and help in making the changes necessary to be compliant.”
The ICO has reassured firms it will not rush to levy large fines the moment GDPR comes into force, with information commissioner Elizabeth Dunham writing this week that “although the ICO will be able to impose much larger fines – this law is not about fines. It’s about putting the consumer and citizen first”.
Mr Cherry said he welcomed the ICO’s approach but warned: “The acid test will be whether good intentions are translated into actual practice on the ground”.
“Fines and sanctions will only deter businesses, while education and support will ensure compliance across the sector.”
As the new regulation came into force, the ICO reported on Thursday that sections of its website were struggling with demand from users visiting with GDPR-related queries.
“We are experiencing unprecedented demand for our payment services as we approach the introduction of the GDPR, which is causing our online service to run more slowly than usual,” the regulator said in a tweet.
“You may contact us at a later date if you experience any delays using our online payment services.”
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments