A recent study has found that four out of five retailers consider the new data protection law changes, set to be rolled out in 2018, to have no bearing on them.
However, Alan Calder, an IT law expert working for IT Governance, has warned that store owners who fail to comply with the EU General Data Protection Regulation (GDPR) early enough will “do so at their own peril.”
Under GDPR, retailers will be required to ensure that customers and employees are told exactly how any personal data they hand over will be used.
Mr Calder went on to say: “While they may think they’re only processing small quantities of personal data, every one of those data subjects (customer or employee) will be entitled to bring an action for damages caused by illegal processing of their data.”
What is illegal processing?
Illegal processing is when personal data is shared, either internally or externally, without the permission of the individual. Under the new law the definition of personal data is set to broaden, meaning retailers could well be liable for wrongly shared information from the following:
- EPOS systems’ data
- Reward schemes
- Social media
- Payment service providers
Additionally, the change in the law means that retailers who fail to report a data breach could be fined if the regulator finds out, since even a business that is itself the victim of cybercrime can be held liable if the personal data it holds is stolen.
What’s more, Mr Calder also warned that the regulator, the Information Commissioner’s Office, has an existing track record of punishing and fining small businesses for breaches of the law.
When does the new law come into force?
The new legislation comes into force on 25th May 2018, and the maximum fine is set to increase to 4% of a company’s annual turnover.
How can I keep my business protected?
- Set up secure passwords
- Don’t share the personal data of customers or staff with other companies
- Contact your EPOS, CCTV, card payment, payment services and loyalty scheme providers, and your accountant, to find out what they are proposing to do, so you can make sure you’re not at risk
- Shred paperwork and delete electronic records that are no longer required or that you are not legally obliged to keep