Data has become more and more central to commercial activity in recent years. More than 9 in 10 small firms collect and use data for at least one vital commercial activity. Data enables smaller businesses to serve customers more effectively, deal with suppliers more efficiently, better target business activity to expand their operations and develop new innovative products, services and processes.
Personal data is one type of data that smaller firms utilise. However, the regulation of personal data has been significantly altered by the coming into force of the EU’s General Data Protection Regulation (GDPR). This has substantially increased the costs of dealing with personal data for smaller firms, placed tighter restrictions on the ability of smaller enterprises to efficiently utilise personal data and constrained their scope for innovating with personal data.
The old data protection regime cost smaller businesses around £7 billion annually, to comply with. That equates to more than £1,200 per business a year on average. GDPR’s greater scope, complexity, poor design and drafting will make the ongoing costs for smaller businesses complying with the ‘updated’ data regulation framework much higher than £7 billion. In addition to the annual compliance costs, smaller firms have incurred a GDPR ‘implementation costs’ in the region of £6 billion.
With data so ubiquitous and vital to business success, there is a need for some regulation of personal data in order to make sure there isn’t egregiously negligent use of it. Nevertheless, the data regulation regime in the UK is too onerous, it stifles competition and acts as a drag on innovation in smaller firms. Brexit is an opportunity to reform so that smaller firms to utilise data more effectively to enhance their competitiveness. It provides a chance to improve its quality through simplification, more bespoke drafting and greater discretion for businesses over meeting clear regulatory goals.
While the GDPR was making its way through the EU’s institutions FSB lobbied MEPs and Member States to:
Once passed by the EU, FSB lobbied MPs and peers and the Information Commissioner’s Office (ICO) to ensure that the GDPR’s worst excesses can be minimised through implementation that was sympathetic to the challenging circumstances of smaller businesses. Specifically, we argued that the ICO needs to develop and implement a comprehensive ‘partnership approach’ to its regulatory activity aimed at smaller firms. Such a regulatory policy would aim to create an open regulatory environment that helped spread best practice and learning and improvement among businesses. It should also include elements such as a risk-based and proportionate approach to surveillance and enforcement as well as the provision of small business focused support along with a formal ‘safe harbour’ policy for smaller firms so that they can be open about non-compliance and get support and advice about how to become compliant.
FSB wants a data environment that allows smaller firms to thrive through a regulatory framework that does not unduly inhibit, and where possible encourages, technological adoption and innovation. Therefore, the UK’s data regulation laws need significant improvement. They need to be clearer and simpler, more flexible and be lower cost and less distorting.
In the meantime, the impact of the current rules needs to be ameliorated where possible through the instigation of a ‘partnership approach’ to regulation that looks to ‘enable’ small business understanding and compliance through an open regulatory relationship between regulators and smaller businesses.
Factsheets and downloads for: Employment Law, Taxation Matters, Business Law and Health & Safety information. All free. As well as monthly bulletins.
Rates Review must deliver for all small businesses
Loan Charge review leaves sole traders shrouded in uncertainty