
Retailers unaware of data protection risks

Four out of five retailers believe data protection law changes next year will have no impact on them, according to a Retail Express poll.

However, IT law expert Alan Calder from IT Governance warned that convenience store owners that fail to comply with the EU General Data Protection Regulation (GDPR) in time “do so at their own peril.”

Under GDPR, retailers will need to ensure customers and employees know the exact use of personal data they hand over.

“While they may think they’re only processing small quantities of personal data, every one of those data subjects (customer or employee) will be entitled to bring an action for damages caused by illegal processing of their data,” he told Retail Express.

Illegal processing is where personal data is shared internally or externally without the individual’s permission. The new law expands what is classed as ‘personal data’, meaning retailers could be liable for wrongly-shared information from CCTV, EPoS data, reward schemes, payroll, social media and payment service providers.

The law change also means retailers that do not report themselves for data breaches could be fined if discovered by the regulator, and victims of cybercrime will be punished if personal data they hold is stolen.

Calder also warned that the regulator, the Information Commissioner's Office, already has a track record of punishing and fining small businesses.

The new legislation comes into force on May 25, 2018, with an increase in the maximum fine to 4% of a company’s annual turnover.

Do it: Protect your business

  • Have secure passwords.
  • Do not share any customer or staff personal data with other companies.
  • Ask your ATM, EPoS, CCTV, card payments, payment services, loyalty scheme provider, and your accountant what they are doing to make sure you are not at risk.
  • Shred paperwork and delete electronic records you no longer need or aren’t legally required to keep.
