Small businesses don’t have it easy when it comes to complying with the legislative changes. There often isn’t enough manpower nor time to go through the laws, compared to large companies with their own legal offices.
The GDPR does have some provisions that could help small businesses improve their lot by reducing their record-keeping requirements, but experts warn these measures are not enough.
In his op-ed for EURACTIV, Mr Cherry warned that the new regulation could overwhelm small businesses. He cited new regulations dealing with e-privacy, geo-blocking and free-flow of non-personal data.
Perhaps businesses could handle each of those regulations separately, but the impending legal changes (the GDPR and the ePrivacy Regulation that will follow soon) could drain their resources fast.
Small businesses could feel less confident about using personal data at all, and thus ending at a comparative disadvantage compared to large companies. Mr Cherry calls that a ‘chilling effect’.
Recent reports by CIPL and Avepoint showed that only a quarter of all companies consider themselves to be fully GDPR compliant. YouGov surveys of UK businesses showed much the same results, with almost 40% blissfully unaware of the new GDPR rules.
Mr Cherry considers this enough warning that the implementation of both the GDPR and the upcoming ePrivacy Regulation simply won’t be possible on time for smaller businesses. He proposes spacing out the legislation so businesses have time to gradually adapt to the new rules.
It’s hard not to concur with their motions. With limited manpower, ensuring that all the rules are being followed is no small feat. Besides, with a more gradual introduction of these laws, compliance levels could markedly improve. Otherwise, the lawmakers risk seeing resentment from the small businesses who will feel they’re being sacrificed to the interests of the large companies.
Everyone should be on board for the GDPR, and we urge the supervisory authorities to provide necessary guidance. The most important part for small businesses, however, is to delay the application of the ePrivacy Regulation until they get in line with the GDPR rules, at least according to Mr Cherry.
Whatever the lawmakers decide, we hope small businesses won’t be left high and dry.