Data protection shake-up for small businesses

Getty Images

Are you fed up of e-mail messages from companies imploring you to stay on their mailing list?

Spare a thought for small businesses navigating the biggest shake-up in the field of data protection in 20 years.

The General Data Protection Regulation (GDPR) comes into force on Friday – to cut a long and complicated story short, the new laws tighten, as companies that collect data on you and how you use them.

The new rules bring in more changes, including the need for “genuine consensus” with “a positive” opt-in” – and then all the e-mail it to everyone on a mailing list.


Simply Naked

Leah Blanc is the director of the Simply Bare salon in Cardiff. Must take personal information from customers such as contact information, next of kin, and medical conditions.

She said she has not received any notice or information about the GDPR.

“It’s been very stressful and difficult and time-consuming,” he said.

“There are a beauty salon, we always email our clients their appointment, confirmation as well as a reminder email the day before their appointment.

“I understand perfectly the benefits of the GDPR, but we would only have received more information on it.

“It’s going to be a nightmare to implement, but it will be done…it might take a bit longer than the big companies, but I think that our customers will be able to understand.”

Chatterbox Communications

Rebecca Lees is the director of creative PR consultancy Chatterbox Communication in Taffs Well near Cardiff. He has participated in a training session run by the Information commissioner’s Office, which he described as useful for a “broad overview”.

“On the whole, however, it was very time consuming and a bit confusing, with different information coming from different sources,” he said.

Has identified another problem with the GDPR – by making your email stand out from all the others arriving in customers ‘ mail boxes.

“We sent two rounds of e-mail messages to all our contacts list, asking them to opt-in, and we had a good pick-up. One of our messages is a little unusual, we have imagined that Donald Trump could say if they were tweeting about GDPR, so hopefully that has caught the eye.”

Red Dragon Flagmakers

What is GDPR?
How to manage the deluge of GDPR privacy updates
Could new data laws end up bankrupt your company?

A UK survey of 906 firms by the Federation of Small Businesses found only 8% had completed their preparation.

The new rules introduce the possibility of fines for companies if data falls into the wrong hands and should report violations.

However, the Information Commissioner Elizabeth Denham said in the past, he has acknowledged that some companies need time to become fully compliant, and that you will try to “commitment” and not “perfection”.

The changes have left many companies scratching their heads – and waiting in line at the Information commissioner’s Office (ICO), which has been “very busy”.

About 23,000 organizations have called because it was established in the month of November and a spokesman apologised to those who have had to wait more than what I would like to get through.

“With several million [small and medium-sized enterprises] in the UK, the fastest way for them to get help with their questions about data protection and the GDPR is a self-service on the ICO web-site where there is a series of frequently asked questions and their answers.

It also recommended that companies check whether their trade body or industry association had produced no information to help them.

Ben Cottam, FSB Wales head of external affairs, said that his organization is getting hundreds of calls for GDPR.

“In the first instance the ICO should look for an approach that supports compliance, rather than ensure compliance,” he said.