Remember all the fuss when GDPR was introduced? In fact, can you even remember the date when it passed into law in the UK? It was 25th May 2018 if you’re wondering. And hands up if, after an initial frisson of running about to make sure you ticked a few boxes, you’ve now done nothing else…
Although the short-lived Truss administration tried to make changes to data protection (DP) law, the current government has enough on its plate at present to make it very unlikely that any changes will be coming our way soon, even though that is now perfectly possible in our post-Brexit environment. Whether you like it or not, you are still bound to fulfil the requirements of GDPR.
However, just because we’ve all relaxed a bit, that doesn’t mean that you should stint on ensuring that your use of data is within the law. This particularly applies if you are thinking of selling your company: any due diligence will almost certainly pick up any flaws and could, potentially, put off a buyer.
The problem is that while most businesses do not have any problems with GDPR, that’s often because the problems haven’t cropped up yet. This is one of the reasons why the Information Commissioner’s Office (ICO – the government body responsible for GDPR) is encouraging UK accountants to help their SME clients to ensure they comply with the regulations. While the ICO is more concerned with the big companies and their potential DP law-breaking (we have heard the Regional Head of the ICO actually state this at a conference), that doesn’t mean that SMEs are exempt.
And as you’ll know if you run a small/medium business, there is an awful lot of regulation that you have to keep on top of, all while you are trying to drum up business and keep customers happy. The ICO has carried out research that shows that over a third of SMEs trust their accountants for advice and over a fifth rely on their accountants to keep them up to date with DP law.
The principal reason for doing this (other than that it’s just good practice) is that the ICO can fine any company for a breach of the law up to £8.7m or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. For the largest data breaches, the fine can be up to 4% of annual turnover.
To help our clients (and anyone else affected by GDPR – which is all of us), here are seven key questions you should ask yourself about your data, especially if you are just starting out with a new venture.
The ICO has an array of free resources for SMEs on its dedicated SME hub, providing advice and guidance on data protection, electronic marketing and freedom of information. And, of course, as they suggest, if you’re at all unsure, then contact your accountant and make sure you stay on the right side of the law…
Paul Mollison, M&S Accountancy and Taxation