SMEs must adhere to data protection laws to avoid fines

Despite the Brexit vote, even the smallest of small businesses in the UK will have to comply with the EU's forthcoming General Data Protection Regulation (GDPR) adopted on 27 April 2016 and coming into force on 25 May 2018. Failure to comply could not only result in a serious loss of competitive advantage, but businesses could risk fines as high as four per cent of turnover, which could significantly impact the annual profit margin of any business.

Officially known as the Regulation (EU) 2016/679, the GDPR legislation is part of the EU privacy and human rights law. The laws aim to strengthen and unify data protection for individuals within the EU, as well as to regulate the export of personal data outside the EU, thereby giving individuals more control of their personal data and simplifying the regulatory environment for international business by setting a common standard.

The new rules, which could offer some complex problems about how businesses store, delete and return data to people, apply to any company that processes data on any level. It will be particularly relevant to those in the technology sector, especially cloud services providers, who will need to know exactly where the data they hold is transferred to. All businesses will be required to show how they are complying with the data protection laws.

At Beavis Morgan, we understand the challenges faced by business owners. We work with many small and medium sized businesses across a wide range of industry sectors, guiding them though the various stages of business life from start up to exit and all the challenges in between. If you have any concerns relating to the matter of data protection, we are able to put you in touch with companies within our extensive network of contacts who will be able to assist. It’s part of our commitment to supporting SME businesses by providing a holistic suite of business advisory services. Please contact Steve Govey or your usual Beavis Morgan Partner.