Why data laws matter to small businesses
At the Conservative Party Conference, Michelle Donelan, the newly minted Secretary of State with responsibility for data law, announced a pause to the already delayed Data Reform Bill. That Bill will look to “protect consumer privacy and keep their data safe while retaining our data adequacy so that businesses can of course trade freely,” she said. Adding further that “I can promise to you here today… that it will be simpler, it will be clearer for businesses to navigate — no longer will our businesses be shackled by lots of unnecessary red tape.” Sounds good so far.
What is European data adequacy?
European data adequacy means that SMEs, and indeed all businesses within the EU, are able to trade freely, transfer Intellectual Property, and send and receive data in a consistent way, whilst adhering to data protection laws. Whilst it creates blockages to businesses, every business and individual has to work in that way. It is a “known known”.
The shredding of GDPR rules – General Data Protection Regulation – is oft-cited as a potential Brexit dividend. £1bn of savings over 10 years.
Can savings can be made?
The UK Government has been pondering this since the EU GDPR laws came into effect four years ago. Government is yet to identify a solution that marries up data adequacy – the ability for businesses to trade and exchange data freely with the EU bloc – with £1bn of mooted savings. Losing data adequacy would cost £1-1.6bn. There is some evidence savings can be made. An Oxford University paper (2022) found that GDPR ‘caps’ business profits by 8% - due to increased compliance costs. Nonetheless, even the big beasts of Silicon Valley work within the EU rules rather than fight them. Facebook has added 1,000 personnel worldwide to deal with GDPR.
Poor data laws disproportionately harm SMEs
Counterintuitively, the tech giants comply, in order to make money. The research shows that the bulk of compliance costs fall on smaller businesses. Tech giants have increased market share, at the expense of SMEs. GDPR costs SMEs money; many do not have the capacity to keep up. Some SMEs withdraw from international trade involving data; many are forced to employ data protection teams to comply with the laws. We at Henham Strategy hear this regularly from the businesses and organisations we work with.
Government and business need to take the lead
The UK Government should be bold. It was a welcome sign to hear that businesses would co-write the legislation. The goal of reducing burdens to SMEs, whilst retaining consumer protection and, most importantly, retaining data adequacy is a holy trinity to which Michelle Donelan’s department must strive. This could be a supply-side measure that supports growth.
We shouldn’t bet the bank on this Bill, and on retaining EU data adequacy. The pioneering UK-Singapore Digital Economy Agreement - promoting the free flow of data, whilst retaining protections from the 2018 GDPR legislation - should be the basis for all digital chapters of future Free Trade Agreements.
Business itself – the CBI, BCC, FSB and, of course, techUK – needs to step up. Data law reform must be an engagement priority if we are to secure more proportionate laws for our consumers and our small businesses. It remains to be seen whether these goals will be secured.