With less than one month until the introduction of the new General Data Protection Regulation (GDPR), the Federation of Small Businesses (FSB) has warned small and medium-sized enterprises (SMEs) that time is running out for them to prepare.
The business group stated that small businesses face an ‘uphill challenge’ in ensuring that they are compliant by 25 May 2018 – the date from which the new regulation takes effect.
Under the new rules, organisations which collect, store and process individuals’ personal data will be subject to new obligations, with an increased emphasis on accountability and transparency.
The financial penalties for failing to comply are severe, with fines costing up to €20 million or up to 4% of total annual worldwide revenue, whichever is the greater.
The FSB has called on the Information Commissioner’s Office (ICO), the regulatory body that will monitor firms’ compliance, to adopt an ‘understanding approach’ to GDPR enforcement.
‘As the GDPR deadline swiftly approaches, there is a real danger that many small businesses are yet to have adequately prepared for the changes,’ said Mike Cherry, National Chairman of the FSB.
‘Fortunately for these businesses, there is still time on the clock to start, or finish, their preparations.
‘The GDPR is the largest shake-up of data protection laws for years, and whether you are a personal trainer or a consultant, most businesses will have to implement changes to their current practices to make sure they are complying with the new rules.’
Further information on the GDPR can be found on the ICO website.