My right hon. Friend raises several important points. As for the effect on small businesses, he will be reassured to learn that the issues with the processing of highly personal data that I was discussing do not apply to the majority of SMEs. They will not have to appoint a data protection officer, so that is one comfort.
As for training and guidance, I am sorry that colleagues and their research staff attended courses that were put together before the Bill was even in Committee, and thus did not take numerous amendments into account—not least the amendment clarifying the rights of Members of Parliament and other elected individuals. I apologise for that confusion.
I draw businesses’ attention to the excellent ICO website, which contains good sources of guidance for SMEs, including frequently asked questions. The ICO also provides an advice line for any follow-up questions on subjects that businesses might not be clear about. Ultimately, there is a need for better data protection, and that is not just what is set out in the GDPR. Dreadful examples, such as the case of
Facebook and Cambridge Analytica, have demonstrated the need for more rigorous data rights and for greater security of data.