ICO 'inundated' with SMB calls asking for GDPR guidance

The data watchdog's website is also experiencing outages as GDPR comes into force

The UK's data protection watchdog is receiving over 2,500 calls every week from small businesses seeking last-minute advice on how to comply with the General Data Protection Regulation (GDPR), it has emerged, many of which are queries around what data can and can't be processed.

The Information Commissioner's Office (ICO) website, which serves as an information portal for guidance on data protection law, has also experienced intermittent outages since Thursday, and is currently offline for maintenance at the time of writing.

Advertisement - Article continues below

Responsible for overseeing the protection of digital rights, the ICO suggested earlier this week that it faces a monumental challenge in dealing with requests from country's smallest businesses, particularly those that lack the necessary legal expertise.

"The ICO's biggest problem is going to be just dealing with those phone calls that come in, where the answer will 'no, it's fine to do this'," Nigel Houlden, head of technology policy at the ICO, said at a Westminster eForum panel event in London on Tuesday.

"That's from the companies as well, which is quite surprising. Our enquiries line is taking 2,500 phone calls a week, mostly from SMBs who are asking those types of questions. We are answering them."

While the regulator has introduced a helpline specifically for SMBs trying to comply with GDPR, it currently has a warning to any callers saying call wait times are exceeding one hour.

Advertisement
Advertisement - Article continues below

Houlden placed much of the blame on the mainstream media, suggesting that misinformation about the new data protection laws is being spread in the pursuit of flashy headlines.

Advertisement - Article continues below

"They don't understand it and they'd rather get a shiny glossy headline out of it, like 'GDPR just killed my Granny'," said Houlden. "I think it's down to us... to get out there and spread the word."

The new European data regulations have come into force as of today, marking a fundamental overhaul of the way data is processed throughout the EU. The new rules grant individuals greater powers over the way their data is handled by companies, which in most cases has required an overhaul of internal company processes in order to remain compliant.

Although the UK will soon be leaving the EU, a 2018 Data Protection Act that mirrors GDPR received Royal Assent this week, effectively enforcing the EU regulations in all but name.

Despite offering comprehensive guidance on how to adjust to the laws, the ICO admits companies have struggled to adjust ahead of the deadline.

"I think a lot of that comes down to education," said Houlden. "I think that's part of the ICO's responsibility. We certainly want to help educate the public, but we also want to help educate businesses."

Advertisement - Article continues below

Although GDPR is now in force, the ICO has made it clear that becoming compliant will be an ongoing exercise, and that only those who show an unwillingness to abide by the new regulations are likely to face the harshest regulatory action.

"We want companies to succeed," he added. "The ICO is not the big bad wolf we're not sitting there rubbing our hands together waiting for Friday going, 'haha, we're going to fine you lots of money'. That's not what we're about, that's not what we want to be. We believe in education."

The ICO has also urged companies to conduct data protection impact assessments (DPIAs), to spot any potential weak spots in their data protection measures.

"Keep hold of them, document them," said Houlden. "Should you for any reason require us to come knocking, they will be very useful. They are things we can take into account that you've tried to mitigate certain risks. They are not just a paper exercise. They are something we will take into account during any regulatory action we might have to take."

Advertisement - Article continues below

While the ICO is keen to work with companies rather than punish them, Houlden made it clear that those that are "willfully neglectful" will "feel the wrath of the ICO".

"The ICO will always be pragmatic," he added. "We're not here to kill industry. What we're here to do is just protect people's privacy, protect your rights."

If you're a small business looking for advice on what the new data protection regulations mean for you, we've put together a quick guide that's available here.

We've also put together a wider guide that's applicable for all businesses here, as well as a checklist on what you need to do to become compliant.

Image: Shutterstock

Advertisement
Advertisement

Recommended

Visit/strategy/28237/cto-job-description-what-does-a-cto-do
Business strategy

CTO job description: What does a CTO do?

1 Apr 2020
Visit/social-media/30368/how-to-delete-a-facebook-business-page
social media

How to delete a Facebook business page

1 Apr 2020
Visit/data-centres/30952/five-business-benefits-of-hyperconvergence
data centres

Five business benefits of hyperconvergence

25 Mar 2020
Visit/digital-transformation/31524/how-to-spot-a-failing-digital-transformation-project
digital transformation

How to spot a failing digital transformation project

17 Mar 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/security/privacy/355211/google-releases-location-data-to-showcase-effectiveness-of-coronavirus
privacy

Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020