Home » News » Government delay on GDPR data leaves businesses fearing fines

Government delay on GDPR data leaves businesses fearing fines

Make sure you're compliant with GDPR or you could get caught out with a hefty fine

Avatar photoby Anna Jordan

The government hasn’t yet accredited any GDPR data which is causing compliance concerns for businesses, according to a leading solicitor.

The government delay on accrediting GDPR certification bodies means that thousands of firms have no idea if they could be hit with millions of pounds in fines for non-compliance.

James Pressley, corporate and commercial solicitor at Kirwans law firm, says that businesses needed to know that their efforts have made them General Data Protection Regulation (GDPR) compliant.

Due to come into force on May 25, GDPR is one of the biggest changes in the UK’s data protection legislation across EU states to make sure that consumers are covered to the same level.

Easily-recognisable certification seals or marks are expected to be introduced. Once awarded, consumers would be assured that their data was being properly dealt with by a government-certified business.

It’s up to the Information Commissioner’s Office (ICO) to establish ‘data protection certification mechanisms and data protection seals and marks’ and for the ‘accreditation of certification bodies’.

A checklist of GDPR-compliant businesses

These were expected to be in place by now so that the ICO has a checklist of GDPR-compliant businesses and they don’t have to waste taxpayers’ money away through investigations. It also assures firms that they’ve done enough to avoid huge penalties.

The EU has advised that the certification would be issued by accredited certification bodies for three years; it can be renewed under certain conditions, as long as the requirements are still met.

The ICO’s delay in publishing the plans means that many businesses are turning to unaccredited GDPR advisers to guide them through the process.

Pressley says, ‘The government’s statement of intent on a new Data Protection Bill made it clear that the provisions of the GDPR will remain effective in the UK even after Brexit, so it’s important that a recognised accreditation process is in place as soon as possible.

He adds that the ICO has put a helpline in place for SMEs and charities, but that is no substitute for the detailed analysis that would be needed to receive the accreditation that would assure business and their customers of their compliance.

Firms are keen to get it right – they just need the tools to help them confirm that they’re doing so.’

Further reading on GDPR

Avatar photo

Anna Jordan

Anna is Senior Reporter, covering topics affecting SMEs such as grant funding, managing employees and the day-to-day running of a business.

Related Topics

GDPR

Related Stories

News

Employees to be given flexible working rights from first day

The new legislation gives employees the right to ask for flexible working from day one and shortens the employer's response time

Advice

List of small business associations and networking groups

Business associations and networks offer SME owners and entrepreneurs useful resources to help them grow their companies.

News

Spring Budget 2024 – what’s in it for small businesses?

Here are the Chancellor's Spring Budget 2024 announcements that affect small businesses, including a rise in the VAT threshold and another NI cut for the self-employed

News

Record number of new companies launched in 2023

NatWest and Beauhurst’s New Startup Index reports a record 900,000 companies were started in 2023, up 12% on 2022