Many small companies in the UK are still unprepared for the EU's new data laws, the Federation of Small Businesses (FSB) has warned on the day the regulations come into force.
The new General Data Protection Regulation (GDPR) give people in the EU new powers to access and control their personal data, as well as giving regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use it.
But the national chairman of the FSB Mike Cherry warned many smaller firms were still working on their compliance with the new laws.
"GDPR is here and the likelihood is that many of the UK's 5.7 million smaller businesses will not be compliant," he said, adding the Information Commissioner's Office (ICO) needed to show understanding in its enforcement of the regulation.
He said: "It is concerning that the burden and scale of the reforms have proven too much to handle for some of these businesses and there is now a real need for support among the small business community.
"It is imperative that the ICO initially deals with non-compliance in a light touch manner as opposed to slapping small firms with fines.
"Small businesses must see the ICO as a safe space where they can go for advice and help in making the changes necessary to be compliant."
The ICO has reassured firms it will not rush to levy large fines the moment GDPR comes into force, with Information Commissioner Elizabeth Dunham writing this week that "although the ICO will be able to impose much larger fines - this law is not about fines. It's about putting the consumer and citizen first".
Lianna Brinded, Europe Editor at Quartz said “the reason whythey have to do this is because under new laws all organisations that handle EU citizen data, so that does still include the UK until Brexit, is they have to get your explicit consent to use your personal information.
“Any new law that rolls out you have to try and be on the greater side of being careful rather than being relaxed, especially if you’re a smaller business.
“If you’re flouting those laws, if the EU body decides you’ve been consistently flouting GDPR rules then the level of fine could floor you, so it’s better to be safe than sorry for any business in this circumstance.”
Listen to her conversation with Julia Hartley-Brewer above.