Regulation 

Fears data protection rules could close small firms

Fears data protection rules could close small firms

Planned regulations on data protection could force small businesses to close down, a business lobby group has warned.

The General Data Protection Regulation will come into effect on 25th May 2018, bringing protection of personal data into the modern digital world with the accountability squarely on the business.

Yesterday (7 August), the Department for Digital, Culture, Media and Sport (DCMS) announced the bill will be presented to parliament after summer recess.

In particular, companies will need to review their current data protection compliance and make sure they have the right policies and procedures to detect, report and investigate a personal data breach.

For financial adviser firms this translates to controlling and safeguarding client data – where and how they acquired it, how and who it is shared with and how and where the data is stored. 

The Forum of Private Business, a lobby group for business, is calling on the government to form a working group to consider the impact on small businesses of the proposed GDPR legislation.

Many financial advice firms are small and medium enterprises.

Ian Cass, chief executive of the Forum, said: “Many people will welcome tighter controls on who owns their personal data an how it is used, and as such the intent of the GDPR legislation is fine, but it appears that no one in power has thought about the small and micro businesses that make up 98 per cent of the UK’s 5.2 million businesses, account for more than half of the country’s employment and are the economic engine of the high street." 

"There is the potential for this legislation to impact the way many of these businesses operate and market themselves, and even force them to close down,” said Mr Cass.

The Forum has four main concerns regarding the new bill.

Firstly, that only larger businesses, with in house compliance guidance or the budget to employ outside consultants, have paid any attention to what the implications of the legislation are.

The Forum is also concerned there are unintended consequences that could impact small businesses, and that these issues have been given inadequate attention.

Another issue is the extent to which electronic communication is used with existing and prospective customers by small businesses.

Finally the Forum wants the issue of the potential increase in costs that could hit small firms, due to potential need to employ or train staff to deal with compliance on data management or buy online data management tools.

However Susan Hill, a chartered financial planner at Susan Hill Financial Planning, is skeptical about the Forum's concerns.

“I do not think it will increase our burden. I run a small business, and we have adapted our system [to comply with the new legislation].

"We have a secure communication with clients, with everything stored in a safe place. I think [the GDPR] is a good measure,” she said.