The Federation of Small Businesses (FSB) claims that small businesses are worryingly under-prepared for the introduction of new GDPR regulations which will come into effect at the end of next month.

As of the 25th of May 2018, the General Data Protection Regulation will see the introduction of tougher fines for non-compliance data breaches and it will also give consumers more say over what companies can and can’t do with their personal information.

Despite the fact that businesses have little over a month to go, the FSB says that 33% of SMEs still haven’t started preparing for the introduction of the new EU-wide regulation. A similar number (35%) have only recently started preparing for it, with 52% of those approaching the Information Commissioner’s Office (ICO) for advice.

Only 8% of the 934 small businesses polled by the FSB are ready to be fully compliant with the introduction of the GDPR.

Mike Cherry, chairman of the FSB commented:

 “It’s clear a large part of the small business community is still unaware of the steps they need to take to comply and may be left playing catch-up. The attention now shifts to the ICO and whether it can effectively manage the demands of small businesses seeking advice and guidance. It’s vital smaller firms looking for this support, either by phone or the web, are able to get it easily.”

The average SME spends seven hours a month and £508 a year complying with their data protection requirements, according to the FSB.  60% of small businesses have reported lower profits due to obliging with data protection and 31% say they have been forced to stop workforce expansion.


What happens if I don’t comply with GDPR?

 Sanctions of £20 million or 4% of a business’s annual turnover, whichever is higher, are in place for non-compliance. Fines will only ever be applied as a last resort however.

 Information commissioner, Elizabeth Denham has advised:

 “This law is not about fines, it’s about putting the consumer and citizen first and rebalancing data relationships and trust between individuals and organisations. We do have the power to impose larger fines, but we have access to lots of other tools that are well-suited to the task at hand, such as guiding, advising and educating organisations.”

She continued:

“The report tells us that many small and medium-sized organisations are preparing for the new data protection laws but some still have to make a start. The ICO’s website offers a number of ways in which organisations of all sizes and all sectors can get the help they need and we’ll study the survey findings to see if we can improve the help we offer.”


If you’re looking for accountants in Bracknell who can help you with GDPR, please feel free to contact PKB and we will be more than happy to help.


To read news and blogs from Rebecca Austin, click here >>