Forum fears impact of data protection rules for small firms

Ian Cass

The Forum of Private Business wants the Government to form a working group to consider the impact on small businesses of proposed data protection legislation.

The Forum claims a lack of clarity on what small business can and cannot do in terms of data use will lead to inertia through fear of breaking the new rules, which will be discussed after MPs return from their summer break. .
Forum Chief Exec Ian Cass said: “Many people will welcome tighter controls on who owns their personal data an how it is used, and as such the intent of the GDPR legislation is fine – but it appears that no one in power has thought about the small and micro businesses.

“They make up 98% of the UK’s 5.2 million businesses, account for more than half of the country’s employment, and are the economic engine of the high street. There is the potential for this legislation to impact the way many of these businesses operate and market themselves, and even force them to close down.”

He said claims that businesses would be protected gave no comfort whatsoever whilst there was so much uncertainty about what will be allowed, and what actions will be heavily fined.
The Forum is calling on the Government today urgently to establish a dedicated working group, on which the Forum would be pleased to play its part, to ensure that all MPs are fully briefed on the potential impact on their constituency businesses before they are required to vote.

The Forum says it has four main concerns:

  • That only larger businesses, with in house compliance guidance or the budget to employ outside consultants, have paid any attention to the implications of the legislation are.
  • The main focus so far has been on how big business manages personal data and inadequate attention has been given to how these changes may affect small businesses.
  • Many businesses rely on email lists for their marketing, and the prospect of obtaining overt consent, and maintaining consent records, is one that many businesses will simply not be able to cope with.
  • Small and micro businesses already face a disproportionate cost of complying with regulations when compared to big business. The potential for many of them now to have to employ or train staff to deal with compliance on data management or buy online data management tools will be a burden that some will not be able to accommodate, and the threat of the draconian fines that attach to breaches of GDPR will be sufficient to lead some businesses simply to close down.