Don’t panic about GDPR

It’s not too late to make sure you are complying with new data rules.

If your small business missed last week’s deadline to comply with the European Union’s General Data Protection Regulation (GDPR), don’t panic. First, you won’t be alone: in February, the Federation of Small Businesses (FSB) said one in three small and medium-sized enterprises (SMEs) had not even begun preparing for the regulation. Second, despite the mass hysteria that seemed to engulf some organisations last week, it’s unlikely that the information commissioner is about to break down your door and demand that you pay a fine of 4% of your turnover (which is the theoretical penalty for a GDPR failure that could apply).

Of course, this isn’t to suggest that you can simply forget about GDPR – if you’re not confident your business complies, make it a priority to act. But the regulation is proportionate and focused on failures and breaches; it’s not a dragnet intended to identify and punish every organisation that didn’t hit the 25 May deadline. If you’re not sure about your GDPR priorities, your first port of call should be the website of the Information Commissioner’s Office (, which features all the practical advice that most organisations will need. Very few SMEs should have to pay specialist consultants for GDPR implementation.

What to prioritise

The key is to focus on the most important GDPR requirements before getting bogged down in the detail. Have you documented what personal data your business holds (electronically or on paper), where it came from and who you share it with? Do you seek consent to hold this data – and are you recording that consent? Are you sharing the right privacy notices with people whose data you hold? Do you have procedures in place that enable people to exercise their rights – such as asking you to delete their data? And do you have processes in place to detect, report and investigate any system beaches?

Get the basics right, and you’ll be most of the way towards full GDPR compliance. Many of the other requirements you may have read about probably won’t apply to your business. For example, you probably don’t need to appoint a data protection officer, unless you handle very large amounts of personal data, or specialist information, such as data relating to criminal offences. Similarly, organisations with fewer than 250 employees do not have to keep the same extensive records of their data-processing activities as their larger counterparts.

Don’t forget, moreover, that GDPR simply revises existing data-protection laws. This is not the first time that regulation has focused on data – if your business complies with the Data Protection Act of 1988, it should already be in pretty good shape. Despite all the hype – and last week’s onslaught of privacy notice emails – GDPR is not such a big deal for most SMEs. Although the implementation date has passed, it’s not too late to get everything sorted.

Prepare for higher loan repayments

Sooner or later, higher interest rates are on the way, and small businesses are in the firing line. While the Bank of England’s Monetary Policy Committee kept official borrowing rates on hold at 0.5% in May, Mark Carney, the Bank’s governor, still insists that at least one rate rise is likely before the end of the year.

And that could catch small businesses out – almost 90% of firms with borrowing on their balance sheet have floating-rate loans (that is, loans where the rate is not fixed), Marc Bajer of debt adviser Hadrian’s Wall Capital tells Accountancy Age – that’s “down from as much as 50% from five years ago”.

With banks reluctant to offer fixed-rate borrowing in recent years, an interest-rate rise of just 0.25 percentage points would cost small and medium-sized enterprises (SMEs) an extra £355m in interest charges in the first year after the hike, says Bajer. The annual cost of a full percentage point rise would be more than £1.4bn.

So SMEs need to start taking the impact of higher borrowing costs into account in their financial planning for the months and years ahead. An increase in interest charges has the potential to hit cash flow and limit businesses’ ability to invest. And any business that thinks it could struggle to stay on top of larger monthly repayments needs to talk to its lender as soon as possible.