‘When it comes to data protection, small businesses tend to be less well prepared. They have less to invest. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real. The GDPR gives regulators the power to enforce in the context of accountability – data protection by design, failure to conduct a data protection impact assessment, DPOs and documentation. If a business can’t show good data protection, they face a fine or reputation damage.’
Speech by Elizabetheth Denham, the Information Commissioner, on 17 January.