The Data Protection Bill has had its second reading in the House of Lords. The Bill, amongst other things, seeks to implement the General Data Protection Regulation (GDPR).
Baroness Neville-Rolfe proposed an amendment to make small organisations with 5 staff or less exempt from the Bill as she feared it imposes disproportionate burdens, especially on small businesses, charities and other small organisations. However, while Amendment 7 proposes an exemption from the Bill’s provisions, this would not apply to the GDPR, which has direct effect.
Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport, responded that he could not agree with the amendment. ‘People should not be afforded a lesser degree of protection simply because they have chosen to do business with, or indeed to voluntarily support, a small organisation’. Furthermore, the amendment ‘is unlikely to have the intended effect because the GDPR does not permit such an exemption’.
Lord Ashton noted that the Information Commissioner has announced the establishment of a dedicated telephone advice service for small and micro businesses to support them in implementation. The response to this announcement was that in previous cases a help service has been promised but not delivered in time.
The amendment was withdrawn. The Bill will return to Committee on 6 November 2017.