With the General Data Protection Regulation (GDPR) now with us, there was encouraging news for SMEs from Elizabeth Denham from the Information Commissioner's Office.
Elizabeth told BBC Radio 4's Today programme that small businesses which did not make extensive use of customer data would not come under close scrutiny.
Instead, the focus would be on big companies - particularly those in the technology sector - that 'deliberately, persistently or negligently misuse data', she said.
While small businesses 'should not panic' if they suffer a data breach, Ms Denham said there were some basic steps that companies should take to protect data.
As well as individuals being able to bring a complaint to the ICO, she said it could take action as it did in the case of Cambridge Analytica and Facebook.
She acknowledges there will be no grace period for businesses - the rules will be fully enforced from 25 May.