Hospitality Today Summer 2017 (#38) | Page 6

Hospitality

6 | Today | Summer 2017

and the‘ GDPR’

In this issue we shine the spotlight on the‘ GDPR’, the new data protection rules due to come into force in less than a year’ s time. On these pages, the Forum of Private Business warns that many small businesses are totally unprepared and“ won’ t be able to cope”, and on a practical note, IP lawyer Medina Forson advises what hospitality businesses should be doing:
New Data Protection Bill risks being the‘ death knell’ for many small businesses, warns Forum of Private Business
The Forum of Private Business is calling on the Government to form a working group to consider the impact on small businesses of the proposed GDPR legislation, as a lack of clarity on what small business can and cannot do in terms of data use will lead to inertia through fear of breaking the new rules. The Forum cites four main concerns:

 That only larger businesses, with in house compliance guidance or the budget to employ outside consultants, have paid any attention to what the implications of the legislation are. Inadequate guidance has been given by the Information Commissioner’ s Office to help small businesses, and there appear to be areas of the Bill that are open to interpretation which do not give the clarity that small businesses need.
 Whilst focus of the legislation is towards protecting personal data, there appear to be material unintended consequences that could impact small businesses.
The main focus so far, has been on how big business manages personal data and inadequate attention has been given to how these changes may affect small businesses.
 The way many small businesses operate in today’ s world relies on electronic communication with existing and prospective customers. Many businesses rely on email lists for their marketing, and the prospect of obtaining overt consent, and maintaining consent records, is one that many businesses will simply not be able to cope with.

Small and micro businesses already face a disproportionate cost of complying with regulations when compared to big business. The potential for many of them now to have to employ or train staff to deal with compliance on data management or buy online data management tools will be a burden that some will not be able to accommodate, and the threat of the draconian fines that attach to breaches of GDPR will be sufficient to lead some businesses simply to close down.