Ms Hill considers the impact of the GDPR depends on how people run their businesses.
“We have a paperless office, with a high level of security,” she said.
Andy Crow, a certified GDPR practitioner, and director and co-founder of Chorus Business Advisers, said businesses should already be aware of the implications of the new law.
“Whilst this is a new announcement, the UK bill is an extension of the European GDPR law [which] has been in the public domain since May 2016.
"The law says that companies should have the appropriate organisational and technical measures to comply with the law.
"In reality, if you are a small business you are not expected to have the same expensive levels of security and procedures of a FTSE 100 company,” he said.
“Small businesses should not panic but should take proper advice."