The Information Commissioner’s Office (ICO) is urging small businesses “not to panic” less than one month prior to the implementation of hard-hitting new data protection laws.

The General Data Protection Regulation (GDPR), which comes into effect on 25 May, will require all companies, regardless of size, to adhere to a new set of regulatory standards around how they manage and protect the data that they have.

Data includes all personal information, including names and addresses, bank details, IP addresses and CCTV imagery that a business holds on individuals, including staff members.

The impact of the regulations will vary greatly from store to store, depending on how much data a retailer processes. Stores with customer loyalty schemes, large numbers of employees, newspaper delivery rounds, and CCTV systems will be harder hit than those without.

While the risks of non-compliance are severe, with fines of up to €20m, or 4% of turnover, the ICO told C-Store it would rather support businesses in their quest for compliance, than fine them.

“Reports that we’ll be making early examples of organisations are wrong,” deputy commissioner James Dipple-Johnstone said. “We will remain proportionate. As now, we will share examples of our action so organisations can see how we are applying the rules.

“We will reserve our strongest sanctions for breaches that present a high intrusion into people’s privacy, a repeated failure to meet rights, or wilful acts to harm citizens.

“Support, education and guidance will remain at the heart of our regulation.”

Want to know more?

For a guide on what GDPR means to you, go to