Tens of thousands of UK microbusinesses are struggling to comply with the new GDPR rules, which require us to achieve the same level of compliance as multinational businesses like Amazon and Google, when we might have only one employee.
Many have had to cancel important projects, to work on this full-time. Many are simply giving up and closing their businesses, because it is too complex – there were no simplifications for the smallest businesses.
Many are finding that the USA-based software companies they rely on to run their businesses will not allow them to be compliant in time.
And national media outlets are getting consumers excited about the ‘once in a lifetime opportunity’ to clear out their inboxes. So GDPR reconfirmation rates are averaging 10% – we’re losing 90% of our potential customers.
Here is why we need an emergency extension to the ICO’s 25th May deadline:
Here are some of the reasons why we are struggling:
- If you’re not a lawyer, these rules are hugely complex. Even when we have studied them in detail, there is so much conflicting information that it’s hard to know what is fact vs fiction. There have been no simplifications for us and we are required to comply to the same level of complexity as multinationals who have had full teams working on this for a year.
- Unless you have a very simple business, then making all of the required changes can take many weeks, editing thousands of website pages. This becomes a full-time job and most of us are single-employee companies, so that means we have had to put our businesses on hold.
- Many of the software suppliers on whom we depend for running our businesses do not currently offer us the ability to comply (e.g. Privacy Shield or tick boxes on opt-in forms to offer granularity of consent). Despite working with them, many will not bring in the changes we need until long after the 25th May deadline.
- Changing to alternative suppliers would cost thousands and could take months.
- GDPR-fatigue in consumer inboxes means that those microbusinesses who are re-confirming their list are seeing 10% as the typical confirmation rate, even when their subscribers love their emails. This means they could lose 90% of their subscribers – the life-blood for their business – after May 25th.
We therefore need an emergency extension to the 25th May deadline for microbusinesses, especially those who are at the smaller end of this sector. We need until the end of this year to be able to properly comply with GDPR, without seriously damaging our businesses.
We are asking Elizabeth Denham at the ICO and Andrew Griffiths, the UK’s Small Business Minister, to help make this happen.
More background on the GDPR rules and how they affect micro business is here.