Ministers must act to help small and micro-firms prepare for new European data protection laws, an expert has warned.
The General Data Protection Regulation (GDPR), expected to come into force in 2018, will have an impact on even very small, one-man businesses, which might struggle to understand what the laws mean in practice.
This was the warning from JP Buckley, lawyer at DLA Piper, at an online seminar hosted by Computing.
Fines for breaches
Proposed changes that could affect small organisations include increased red tape, mandatory appointment of a data protection officer, higher standards of consent, and heftier fines and penalties for non-compliance.
The government and the Information Commissioner’s Office (ICO) should step in to make sure small organisations aren’t caught out, Buckley argued.
He said: “It won’t apply [to small businesses] in the same degree in practice, and I think the likelihood of enforcement action taking place against a relatively small business is pretty low.
“However, I think there is a need for government and other agencies to publish an easy guide to the GDPR for small businesses. That would really help because there are things that will change.”
Small firms that cannot afford lawyers to make sure they are complying with the legislation would potentially be the worst affected. Failure to comply could result in fines of up to 4 per cent of turnover.
Buckley added: “People need to understand what their obligations are and SMBs really don’t want to have to go to lawyers or technical experts to do that. They want something that they can read, understand and apply themselves.”
Responding, the ICO pledged to publish an assessment tool when the GDPR comes into force. “The details of the GDPR won’t be finalised until the spring and it will be another two years before it’s implemented,” an ICO spokesperson said.