Data protection is one of the most important considerations for modern businesses, but that doesn't mean that complying with the new General Data Protection Regulation (GDPR) will be simple. As of 25 May 2018, all businesses in the United Kingdom must be in compliance with the GDPR stipulations concerning information technology security and the protection of customer data.
The GDPR is an update to the earlier Data Protection Act of 1998, which is increasingly out of date and incapable of responding to the modern intersections of business and technology, but many small businesses are unsure of how the new regulations will affect them.
Fortunately, the Information Commissioner's Office (ICO) has established a new helpline intended specifically for helping small businesses and self-employed individuals ensure that they are in full compliance. The information went live on 1 November 2017, and is accessed through the standard ICO helpline.
Due to the limited resources in most small businesses, they are often at greatest risk of a data breach. Despite the government's awareness of the comparatively limited resources, the same GDPR rules will apply regardless of the size of operations.
"The businesses may be small but they still hold important personal information and the need to gain the trust of their customers is just as real," explained information commissioner Elizabeth Denham.
"When it comes to data protection, surveys show they tend to be less well prepared."
“We know that most businesses want to get things right but often struggle to find the key steps to get started. They also have less time and money to invest in getting it right. They may not have compliance teams or data protection officers or access to legal advice,” Denham continued.
Many business leaders have been frustrated with a lack of official support or clear explanations of what exactly will be required of businesses to ensure compliance.
Ian Cass of the Forum for Private Business spoke to Business Advice, saying: "Nobody seems to be saying what it means in simplistic forms. Small business owners are terrified of doing something wrong, and the perception is ‘we better not do anything until we find out’.”
In response to these concerns, the ICO announced several new outreach measures, including the new helpline. Additionally, to help ensure compliance with the new regulations, they have also released a guide to basic IT security, which is available for reading here. There is also a new step-by-step method for organisations to assess their compliance with the GDPR, which is available online here as part of their existing support network for small businesses.
