ICO 'inundated' with SMB calls asking for GDPR guidance

The data watchdog's website is also experiencing outages as GDPR comes into force

The UK's data protection watchdog is receiving over 2,500 calls every week from small businesses seeking last-minute advice on how to comply with the General Data Protection Regulation (GDPR), it has emerged, many of which are queries around what data can and can't be processed.

The Information Commissioner's Office (ICO) website, which serves as an information portal for guidance on data protection law, has also experienced intermittent outages since Thursday, and is currently offline for maintenance at the time of writing.

Responsible for overseeing the protection of digital rights, the ICO suggested earlier this week that it faces a monumental challenge in dealing with requests from country's smallest businesses, particularly those that lack the necessary legal expertise.

"The ICO's biggest problem is going to be just dealing with those phone calls that come in, where the answer will 'no, it's fine to do this'," Nigel Houlden, head of technology policy at the ICO, said at a Westminster eForum panel event in London on Tuesday.

"That's from the companies as well, which is quite surprising. Our enquiries line is taking 2,500 phone calls a week, mostly from SMBs who are asking those types of questions. We are answering them."

Advertisement
Advertisement - Article continues below

While the regulator has introduced a helpline specifically for SMBs trying to comply with GDPR, it currently has a warning to any callers saying call wait times are exceeding one hour.

Houlden placed much of the blame on the mainstream media, suggesting that misinformation about the new data protection laws is being spread in the pursuit of flashy headlines.

"They don't understand it and they'd rather get a shiny glossy headline out of it, like 'GDPR just killed my Granny'," said Houlden. "I think it's down to us... to get out there and spread the word."

The new European data regulations have come into force as of today, marking a fundamental overhaul of the way data is processed throughout the EU. The new rules grant individuals greater powers over the way their data is handled by companies, which in most cases has required an overhaul of internal company processes in order to remain compliant.

Although the UK will soon be leaving the EU, a 2018 Data Protection Act that mirrors GDPR received Royal Assent this week, effectively enforcing the EU regulations in all but name.

Despite offering comprehensive guidance on how to adjust to the laws, the ICO admits companies have struggled to adjust ahead of the deadline.

"I think a lot of that comes down to education," said Houlden. "I think that's part of the ICO's responsibility. We certainly want to help educate the public, but we also want to help educate businesses."

Although GDPR is now in force, the ICO has made it clear that becoming compliant will be an ongoing exercise, and that only those who show an unwillingness to abide by the new regulations are likely to face the harshest regulatory action.

"We want companies to succeed," he added. "The ICO is not the big bad wolf we're not sitting there rubbing our hands together waiting for Friday going, 'haha, we're going to fine you lots of money'. That's not what we're about, that's not what we want to be. We believe in education."

The ICO has also urged companies to conduct data protection impact assessments (DPIAs), to spot any potential weak spots in their data protection measures.

Advertisement
Advertisement - Article continues below

"Keep hold of them, document them," said Houlden. "Should you for any reason require us to come knocking, they will be very useful. They are things we can take into account that you've tried to mitigate certain risks. They are not just a paper exercise. They are something we will take into account during any regulatory action we might have to take."

While the ICO is keen to work with companies rather than punish them, Houlden made it clear that those that are "willfully neglectful" will "feel the wrath of the ICO".

"The ICO will always be pragmatic," he added. "We're not here to kill industry. What we're here to do is just protect people's privacy, protect your rights."

If you're a small business looking for advice on what the new data protection regulations mean for you, we've put together a quick guide that's available here.

We've also put together a wider guide that's applicable for all businesses here, as well as a checklist on what you need to do to become compliant.

Image: Shutterstock

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/government-it-strategy/28305/ir35-news
Policy & legislation

Businesses urged to continue IR35 preparations despite Conservative review pledge

3 Dec 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/wifi-hotspots/31488/how-to-boost-your-business-wi-fi
wifi & hotspots

How to boost your business Wi-Fi

22 Oct 2019
Visit/strategy/28223/cio-job-description-what-does-a-cio-do
Business strategy

CIO job description: What does a CIO do?

1 Oct 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019