Published on February 14th, 2018 | by The GC Team0
GDPR: “Time to act on data compliance”
Time is running out for retailers to ensure compliance with new data protection laws or face stiff penalties, says retail specialist law firm Gordons.
The General Data Protection Regulation (GDPR), which applies from 25 May 2018, will place greater emphasis on the way in which businesses process personal data, with a series of changes around the collection, storage and usage of information relating to individuals.
There will be increased requirements on organisations to keep records and implement policies, as well as changes to the procedure and time frame for data retention, reporting data breaches and responding to access requests. Businesses must also be more transparent in relation to how personal data is used, and could be made to appoint a data protection officer in some circumstances.
Andrew Logan, head of regulatory at Gordons law firm, said: “GDPR signals a huge change in the way in which businesses process personal data, giving more rights for the individuals and placing greater responsibility on the business which holds the data. It is the biggest change we’ve seen in 20 years.
“Retailers may need to implement, change or review their processes and there is a lot to consider, covering every aspect of how data is collected, stored and used. This includes how long it is retained, procedures for reporting data breaches, considerations for transferring data outside of the European Economic Area, employment contracts and even staff awareness.
“With so much to consider, it is important to act now. Those businesses putting it off until the deadline will find they simply cannot do everything in time – putting themselves at risk of serious financial penalties for non-compliance.”