(11 months ago)
Lords ChamberIt is two months since I took my oath in this esteemed Chamber, and every day since I have been grateful to your Lordships for the unique opportunity that has been granted to me. Since that first day, I have been asked on many occasions by friends and colleagues, “How is it going?” My reply: “It is like being back at senior school”. I feel very junior, but that is a nice thing, and I feel quite young too.
Being a new Peer, at times I look around and feel overwhelmed by the wealth of knowledge and depth of experience that your Lordships express in the Chamber and outside. I have been made to feel most welcome and supported, especially today in this debate with your kind word of support, but also by the doorkeepers with their immense knowledge of the workings of the House, its history and keeping me on the right side of its traditions and customs.
I would also like to mention the Convenor of the Cross Benches’ office staff, who have encouraged and guided me to this point, and to the many other staff in the Palace who have made me feel so much part of this grand establishment. Finally, if you will indulge me, thank you to my wife and family, who are here today to support me.
Whenever you start a new opportunity, you always question where you can contribute. For me, it was today’s debate on data protection. It would appear that I do not have in-depth knowledge of this extraordinarily complex subject—but on reflection I do, given my experience over the past 30 years of small business. I started with farming businesses, where I was part of the accountancy team, and then I ran the business side of a small firm of rural chartered surveyors. For the past 15 years I have managed a large independent veterinary practice which provides care and services to pets, horses and a large range of farming businesses. I know how important it is that we understand that the data we hold and care for on behalf of our customers and clients is important.
It is five years since the original GDPR legislation was introduced. At that time, it caused a significant amount of anxiety within the small business and veterinary world. This was reflected in the number of individuals and businesses attending seminars on the GDPR, put on by the Veterinary Practice Management Association, an organisation of which I am proud to be the current president. It promotes management and leadership, which are also a passion of mine, in the veterinary sector. The revision of this Bill is extremely well timed and needed. SME businesses are comfortable with the processes they have in place today to comply with the current legislation, but in the fast-moving and changing IT world, the simplification and clarity in the rules with regard to the use of data on a legitimate basis which this Bill intends to clarify are welcome.
Nearly all small businesses, from sole traders to large owner-managed companies, are data controllers. All collect personal data of some form in sales databases, client and patient relationship software and accountancy packages. The ability of the business to keep control of this data is becoming harder, as it has never been easier to export substantial amounts of data from these systems for many different purposes. Therefore, there is an increased risk that personal data can be lost or stolen due to the ever-increasing threat of cyberattack. It is essential that this updated legislation takes into account where all data is stored and its many different formats and ensures that it is not unknowingly shared with other users.
As my research for this debate has shown me, this Bill is immensely complex, which I know is required—but I fear that its complexity will mean that it will not be fully complied with by a number of small to medium-sized businesses that do not have the resources or time to research and instigate any changes that may be required. Therefore, investment will be needed from government to publicise the changes in a simple and understandable way to SMEs. If the Minister will say how he intends to communicate these changes to the sector, that would be welcome.
With regard to the section on smart data, this has brought immense efficiencies and security for small businesses with the changes made by the banking sector. Extending it further would bring more efficiencies for the business community. A cautious approach is needed when extending the use of smart data to ensure that businesses sharing and receiving personal data are compliant with these complex regulations, so that open application program interfaces cannot be infiltrated or hacked.
Individual personal data has without doubt grown in value significantly over the past five years since the introduction of the original data protection legislation. The desire to exchange of data between businesses, scientific institutions and government will only improve efficiency, productivity and scientific breakthroughs, which is one of the goals of this legislation. The protection of the data and recognising its value is essential as we review the Bill. Potentially, as it currently stands, the Bill could favour large IT corporations, whose ability to collect, process and monetise data is well known, so we must ensure that the new up-to-date regulations do not require large amounts of resources to implement them, so that we can ensure a level playing field for all businesses so that they can benefit from the power of data analysis. I agree with the noble Lord, Lord Allan of Hallam, on the need to access EU data so that small businesses can continue to trade without too much hassle and burden. I look forward to learning more of the way of the House as I continue to contribute to this Bill as it moves to Committee stage.