UK businesses have been hitting out at the potential impact of the forthcoming European General Data Protection Regulations that will come into force on May 25, 2018. The original aim of the law was to curb tech giants such as Google, Amazon and Facebook cashing in on users’ data without their consent, but one of the implications is that it also will impose tough restrictions on sole traders, small and medium sized businesses as well as charity fundraisers. It could realistically have a dramatic effect on startups too. Speaking to The Sun, Tom Davenport, the co-founder of tech company TalentPool said:
“We hold millions of datapoints on our users and we already take protecting this very seriously. Our customers trust us with their data on the assumption that we won’t leak or lose it, which we don’t.
“It’s fundamentally pretty straightforward. It’s frustrating therefore to now be hit with such a massive and complex piece of legislation in this area.
“Some businesses may not be protecting data properly and so it’s right to change that. But at TalentPool we’ve been caught in the crossfire and we’re now going to have to make big changes and incur considerable costs to abide by rules which I just don’t think were intended for companies like us.
“We already abide by the very strict UK laws on this subject and we just don’t need another set of rules. I hear there may be benefits, but all we have seen so far are costs in both time and money. Personally, I’d rather we weren’t under this new pressure at all.”
The Federation of Small Businesses has asked that the government step on to offer support for companies which are going to struggle to comply with the regulations. Mike Cherry, a spokesperson said:
“Many small businesses are already straining under the burden of the current data protection regime and some will be having sleepless nights thinking about how GDPR will add to this.
“Members have reported that the current regime is hitting their profits, hindering their ability to grow their workforce and resulting in lost orders and customers.”
The new law will be enforced by the Information Commissioner’s Office (ICO) in the UK. They have said that they will not stop people using data for personal reasons, but it would prevent individuals contacting friends and acquaintances to promote a business to friends and family unless they have specifically opted-in. A spokesperson for the ICO said:
“If a sole trader is promoting their services then this would be a business activity rather than a purely personal one and therefore the GDPR would apply to their processing of personal data for this purpose, just as the Data Protection Act does now.”
This obviously could have an effect on a range of startups including small, family and micro-businesses.