It does perhaps feel bizarre that one of the biggest regulatory concerns due next year for UK small businesses is coming from the EU. But despite the ongoing wrangles of Brexit, it will still apply. It’s the next generation of data protection and it’s called GDPR. We’ve written about it before: What do you need to know about GDPR?
And if you want the ins and outs, then the official website is very useful. As they say: “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.” According to the countdown clock, at time of writing, you now have 211 days to prepare.
Perhaps worryingly, according to the Institute of Directors (IoD), not only are many businesses not even ready for the changes but many are not even aware of them. The IoD polled 900 of its members and one third didn’t even know what the GDPR is. 40% didn’t know if the new rules would apply to them. (Clue: they will.)
Jamie Kerr is the IoD head of external affairs and says: “It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months. Company directors are being pulled in so many different directions it is unsurprising that many do not fully understand the details of GDPR.”
“The regulator has a significant role to play in ensuring that SMEs, as well as larger firms, are fully compliant by May 2018. We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide. In particular, however, it needs to emphasise in simple terms the criteria for compliance, what steps companies will have to take to comply and what the penalties are for not meeting the new standards.”