A YORK solicitors firm is warning businesses regulation of their data control could toughen up by the end of this month.

Hethertons Solicitors says the Information Commissioners Office (ICO) may soon stop its soft-touch approach to enforcing the rules of the General Data Protection Regulations (GDPR) which came into effect on May 25, 2018.

“When the ICO announced the introduction of the GDPR they made it clear that in the initial year they would give businesses the time they needed to get to grips with the new data protection regime,” said David Scott, senior associate of the York and Boroughbridge firm and GDPR expert.

“However, that year is now nearly up and there are some shocking facts and figures out there, which suggest that many small businesses are not compliant, even if they may have previously taken action in 2018.

“With fines of up to 20 million Euros or four per cent of annual global turnover – whichever is greater – businesses need to wake up to the potential pitfalls of the GDPR and act now if they have done nothing.

“Even those businesses who think they are fully compliant should reassess their procedures for data requests and breach of the GDPR and remind themselves of the rights of personal data holders to ensure they are still compliant.”

He quoted research that shows that more than a third of small and medium enterprises do not know who is affected by the regulations and one in ten small businesses do not think it gives individuals extra rights.

So far the ICO has taken formal action against 53 organisations over the GDPR, but Mr Scott fears that number will now start to increase.

He said Hethertons Solicitors has resources and articles on its websites to help people check that they are still in line with the requirements of the GDPR.

The GDPR lay down a set of strict rules for businesses to follow for collecting and processing personal data.