New European data protection rules come into force on Friday 25 May. Small firms shouldn’t panic – but should still take steps to prevent breaches, says the UK watchdog

The EU General Data Protection Regulations (GDPR) come in to force on 25 May 2018.

The new rules apply to organisations that handle EU citizens’ data. They affect firms of all sizes – from sole traders to large multinationals. We are conscious that members, particularly sole practitioners and small- and medium-sized firms, may have concerns.

As the LI is not indemnified to provide legal advice, we cannot provide direct advice for members about GDPR. We have, however, compiled the below information, which we hope will be helpful.

GDPR – information and resources for LI members

About the GDPR

The GDPR replaces the EU Data Protection Directive of 1995. (Enshrined in UK law as the Data Protection Act.) Broadly, the Regulations bring about three changes:

  • More power for individuals over who holds their data, and how
  • Clearer obligations for companies that process data
  • Stricter sanctions for companies that misuse data

More information from to the General Data Protection Regulation (GDPR)

Do the regulations affect me?

The GDPR applies to any business that holds an individual’s personal data. This includes details about your employees, customers and suppliers.

More from does the GDPR apply to?

Data watchdog tells firms there is 'no need to panic'

The GDPR strengthens customers’ personal data rights. The regulations increase data security standards, and allow for harsher penalties for companies that flout the rules.

The UK’s data watchdog, the Information Commissioner’s Office (ICO), can levy fines of up to £17.5m for serious breaches. Nevertheless, the ICO assures small firms who do not make extensive use of customer data that they ‘should not panic’.

Information Commissioner Elizabeth Denham has suggested that the focus will instead be on larger companies that ‘deliberately, persistently or negligently misuse data’. Technology firms may be under particular scrutiny.

From ‘Don’t panic!’ data watchdog tells firms

There are, however, basic steps that companies can, and should, take.

Guidance from the ICO for smaller firms

The ICO has produced a package of tools and resources for sole traders, small- and medium-sized businesses. These articles, FAQs, checklists and more will help firms comply with their new legal obligations.

Access the toolkit at


Please enter your comment!
Please enter your name here