Businesses in Hackney are as unprepared as the rest of the country for new EU rules that will change the way customer data is handled, after new research from a leading business organisation found that only a tenth of Britain’s businesses are ready.
The new rules, which will come into effect 25 May 2018, will put tougher restrictions in place on the way personal data is stored. It will allow customers to have easier access to the data companies hold about them, and forces businesses to ask for consent in order to hold and use personal information. Currently, a Subject Access Request allows businesses to charge £10 to individuals who want to access the information held about them. The changes mean this information can be accessed for free.
Hackney businesses have raised concerns after the latest findings from the Federation of Small Businesses suggested that fewer than one in 10 businesses across Britain are ready for the upcoming European General Data Protection Regulation – which will be implemented by the UK’s new Data Protection Bill – while one in five are completely unaware of its existence.
Businesses that fail to handle people’s data correctly can be faced – in the most severe cases – with fines of up to €20 million (nearly £18 million), or four percent of their turnover.
One accelerator firm that has declined to be named said that the Hackney-based startups it works with have very little knowledge about what GDPR is or how to adapt to the measures.
Despite GDPR being EU regulation, the UK government has said that it will remain in effect irrespective of Brexit.
“I haven’t heard of it before. This is the first time,” said Jason Gore, owner of vinyl record shop Lucky Seven on Stoke Newington Church Street. “When it comes to card payments we have to follow strict guidelines and I’m aware of details making sure that receipts are kept in a safe place where nobody can find them.” Card payments and receipts come under GDPR, which covers any piece of information that can be used to identify a person. Under the new rules, shops like Gore’s will have to hand over personal information such as customer receipts held by shop owners.
Nwes, a not-for-profit enterprise agency that provides businesses in Hackney with access to finance and support, is worried by the FSB’s findings. It is currently developing workshops in the borough to provide an overview of the GDPR requirements. For the agency, compliance with the new data regulation will not only allow businesses to avoid potential fines, but will also give them the opportunity to become trusted operators of customer data.
“If businesses are underprepared I think it is because it still seems like an abstract piece of legislation. I think that there is not a wide understanding of what it means to hold client data,” said Richard Salmon, regional director at Nwes. “Even if a business is keeping names and addresses on a piece of paper or excel sheet then this data is effectively the consumers data, and the consumer needs to consent to the business to enable them to retain this data.”
According to Salmon, the difficulty for businesses is in understanding how the new rules will affect them, despite GDPR and its principles being known about “for a long period of time”. The Information Commissioner’s Office, which currently sets out guidelines for how businesses should comply with the Data Protection Act 1998, has been updating its website regularly to offer businesses advice on GDPR. For Salmon, it is crucial that small businesses follow this to avoid breaching the new regulation.
“Personal data is a hot topic at present. Businesses that are showing they are respectful with data and use it in a way to benefit customers and clients will receive further trust and therefore may be more successful,” said Salmon.