Don’t panic about GDPR

It’s not too late to make sure you are complying with new data rules, says David Prosser.

Prioritise and get the basics right

Credit: MITO images GmbH / Alamy Stock Photo

It's not too late to make sure you are complying with new data rules.

If your small business missed last week's deadline to comply with the European Union's General Data Protection Regulation (GDPR), don't panic. First, you won't be alone: in February, the Federation of Small Businesses (FSB) said one in three small and medium-sized enterprises (SMEs) had not even begun preparing for the regulation. Second, despite the mass hysteria that seemed to engulf some organisations last week, it's unlikely that the information commissioner is about to break down your door and demand that you pay a fine of 4% of your turnover (which is the theoretical penalty for a GDPR failure that could apply).

Advertisement - Article continues below

Of course, this isn't to suggest that you can simply forget about GDPR if you're not confident your business complies, make it a priority to act. But the regulation is proportionate and focused on failures and breaches; it's not a dragnet intended to identify and punish every organisation that didn't hit the 25 May deadline. If you're not sure about your GDPR priorities, your first port of call should be the website of the Information Commissioner's Office (, which features all the practical advice that most organisations will need. Very few SMEs should have to pay specialist consultants for GDPR implementation.

What to prioritise

The key is to focus on the most important GDPR requirements before getting bogged down in the detail. Have you documented what personal data your business holds (electronically or on paper), where it came from and who you share it with? Do you seek consent to hold this data and are you recording that consent? Are you sharing the right privacy notices with people whose data you hold? Do you have procedures in place that enable people to exercise their rights such as asking you to delete their data? And do you have processes in place to detect, report and investigate any system beaches?

Advertisement - Article continues below
Advertisement - Article continues below

Get the basics right, and you'll be most of the way towards full GDPR compliance. Many of the other requirements you may have read about probably won't apply to your business. For example, you probably don't need to appoint a data protection officer, unless you handle very large amounts of personal data, or specialist information, such as data relating to criminal offences. Similarly, organisations with fewer than 250 employees do not have to keep the same extensive records of their data-processing activities as their larger counterparts.

Don't forget, moreover, that GDPR simply revises existing data-protection laws. This is not the first time that regulation has focused on data if your business complies with the Data Protection Act of 1988, it should already be in pretty good shape. Despite all the hype and last week's onslaught of privacy notice emails GDPR is not such a big deal for most SMEs. Although the implementation date has passed, it's not too late to get everything sorted.

Prepare for higher loan repayments

Sooner or later, higher interest rates are on the way, and small businesses are in the firing line. While the Bank of England's Monetary Policy Committee kept official borrowing rates on hold at 0.5% in May, Mark Carney, the Bank's governor, still insists that at least one rate rise is likely before the end of the year.

Advertisement - Article continues below

And that could catch small businesses out almost 90% of firms with borrowing on their balance sheet have floating-rate loans (that is, loans where the rate is not fixed), Marc Bajer of debt adviser Hadrian's Wall Capital tells Accountancy Age that's "down from as much as 50% from five years ago".

With banks reluctant to offer fixed-rate borrowing in recent years, an interest-rate rise of just 0.25 percentage points would cost small and medium-sized enterprises (SMEs) an extra £355m in interest charges in the first year after the hike, says Bajer. The annual cost of a full percentage point rise would be more than £1.4bn.

So SMEs need to start taking the impact of higher borrowing costs into account in their financial planning for the months and years ahead. An increase in interest charges has the potential to hit cash flow and limit businesses' ability to invest. And any business that thinks it could struggle to stay on top of larger monthly repayments needs to talk to its lender as soon as possible.



Small business

Small business: how to chase late-paying customers

Many small business have trouble getting their customers to pay up on time. Here's what you can do about it.
23 Jan 2020

Beyond the Brexit talk, the British economy isn’t doing too badly

The political Brexit pantomime aside, Britain is in pretty good shape. With near-record employment, strong wage growth and modest inflation, there is …
17 Oct 2019
UK stockmarkets

UK banks and negative interest: money for less than nothing

The upheaval at HSBC has underscored banks’ poor prospects. Negative interest rates won’t make things any easier. Matthew Partridge reports
28 May 2020
Small business

Small business: how to prepare your staff for the return to work

Small businesses contemplating how to respond to the prime minister’s call to return to work need to tread carefully.
27 May 2020

Most Popular

Industrial metals

Governments’ money-printing mania bodes well for base metals

Money is being printed like there is no tomorrow. Much of it will be used to pay for infrastructure projects – and that will be good for metals, says …
27 May 2020
Investment strategy

Are you a permabear? Three red flags to watch out for

Contrarian investors are often seen as bearish because the market tends to go up over time. But if that bearishness goes too deep, you risk seriously …
26 May 2020
EU Economy

Here’s why investors should care about the EU’s plan to tackle Covid-19

The EU's €750bn rescue package makes a break-up of the eurozone much less likely. John Stepek explains why the scheme is such a big deal, and what it …
28 May 2020