Data regulator will not make example of small businesses over GDPR
THE information watchdog has said it is not looking to make an example of small businesses which fall foul of the EU's new data protection law.
The General Data Protection Regulation (GDPR) came into force yesterday and gives regulators new powers to fine firms that misuse data. The Federation of Small Businesses (FSB) has warned that many of its members are still not properly compliant, but Information Commissioner Elizabeth Dunham, who is responsible for enforcing the new regulations, said they would not be expecting "perfection" from small firms from day one.
She said many smaller concerns would not be affected by the introduction of the GDPR.
"What we are looking for is a commitment to move forward with their new obligations. We are not looking for perfection," she told BBC Radio 4's Today programme.
"It is nonsense to think that the ICO (Information Commissioner's Office) is going to be making early examples of small businesses by levying large fines.
"The focus of our enforcement is not going to be on the high street butcher or the gardening business. We are going to be focused on businesses that deliberately, persistently or negligently misuse data."
Her comments came after the national chairman of the FSB, Mike Cherry, urged the ICO to show understanding in its handling of small firms.
"GDPR is here and the likelihood is that many of the UK's 5.7 million smaller businesses will not be compliant," he said.
"It is concerning that the burden and scale of the reforms have proven too much to handle for some of these businesses and there is now a real need for support among the small business community.
"It is imperative that the ICO initially deals with non-compliance in a light-touch manner as opposed to slapping small firms with fines.
"Small businesses must see the ICO as a safe space where they can go for advice and help in making the changes necessary to be compliant."
Mr Cherry said he welcomed the ICO's approach but warned: "The acid test will be whether good intentions are translated into actual practice on the ground.
"Fines and sanctions will only deter businesses, while education and support will ensure compliance across the sector."