GDPR latest: Much of the UK unready for wide-ranging new data protection laws

Much of the UK still isn’t ready for the huge changes brought by the EU’s new data laws, according to the Federation of Small Businesses (FSB).

The new rules have just got into effect and have wide-ranging impacts on how information about people can be stored and used. But many small companies are not at all ready, despite the threat of significant fines and punishment if they fail to comply.

The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.

But the national chairman of the FSB Mike Cherry warned many smaller firms were still working on their compliance with the new laws.

“GDPR is here and the likelihood is that many of the UK’s 5.7 million smaller businesses will not be compliant,” he said, adding the Information Commissioner’s Office (ICO) needed to show understanding in its enforcement of the regulation.

He said: “It is concerning that the burden and scale of the reforms have proven too much to handle for some of these businesses and there is now a real need for support among the small business community.

“It is imperative that the ICO initially deals with non-compliance in a light touch manner as opposed to slapping small firms with fines.

“Small businesses must see the ICO as a safe space where they can go for advice and help in making the changes necessary to be compliant.”

The ICO has reassured firms it will not rush to levy large fines the moment GDPR comes into force, with information commissioner Elizabeth Dunham writing this week that “although the ICO will be able to impose much larger fines – this law is not about fines. It’s about putting the consumer and citizen first”.

Mr Cherry said he welcomed the ICO’s approach but warned: “The acid test will be whether good intentions are translated into actual practice on the ground”.

“Fines and sanctions will only deter businesses, while education and support will ensure compliance across the sector.”

As the new regulation came into force, the ICO reported on Thursday that sections of its website were struggling with demand from users visiting with GDPR-related queries.

“We are experiencing unprecedented demand for our payment services as we approach the introduction of the GDPR, which is causing our online service to run more slowly than usual,” the regulator said in a tweet.

“You may contact us at a later date if you experience any delays using our online payment services.”

Additional reporting by agencies