Businesses urge evolution in data privacy rules

A majority of small and medium-sized businesses support modernised data privacy regulation to help organisations overcome GDPR shortcomings, a new survey* from the UK’s DMA finds. 

Why data privacy regulation matters 

The GDPR came into force in May 2018 but its effects have been unevenly distributed. For some smaller businesses, the rules have introduced complexity when establishing loyalty or personalisation initiatives based on a legitimate interest – an argument for gathering first-party data. 

While some changes are popular, it’s worth noting that most SMEs still want robust and clear regulation. Eighty percent of decision makers surveyed believe regulation is critical to building processes for companies to correctly handle and store customer data.

Inside the report

The DMA’s new report: ‘Data Horizons: How UK SMEs and Consumers View the Future of Privacy Regulation’, explores the nature of demand for updated regulation to personal data processing, vital to 74% of the companies surveyed. 

The challenges

GDPR is a large, complicated set of regulations that apply equally to sophisticated multinationals and to very small businesses. The result is that the bureaucratic burden falls heavily on SMEs. According to the research: 

• 48% of SMEs are concerned that the regulation introduced unnecessary bureaucracy. 
• 43% of SMEs believe that GDPR has stunted their marketing operations.
• 37% say that the GDPR doesn’t work for small businesses. 

UK update to GDPR

The DMA is supportive of a bill now making its way through the UK legislative process, the Data Protection and Digital Information Bill (DPDI). 

• The bill is, according to the UK government, a red-tape-cutting exercise intended to remove barriers for business, while maintaining data adequacy with the EU (which means that data can continue to flow back and forth between the post-Brexit UK and the bloc). 
• While a lighter regulatory burden has drawn support from industry, some civil society organisations have criticised some of its provisions, with other observers arguing that individuals will face limits when trying to understand what data is being held about them and how it is being used. 

“Reforms within the DPDI Bill will create a better balance between innovation and privacy, maintaining GDPR’s high levels of data protection while enabling scientific and technological innovation that will power the future economy,” argues DMA CEO Chris Combemale. 

“Attracting and retaining customers through clearly defined legitimate interests will help businesses to feel more confident using this option for direct marketing, helping them to better communicate and engage with their customers,” he adds. 

*The report surveyed 1000 UK consumers through Censuswide, in addition to 101 SME decision makers.

Sourced from the DMA, UK Government, Computer Weekly, The Guardian, WARC