
What is GDPR and why does it matter to you?

The General Data Protection Regulation (GDPR) is a new data protection regulation that comes into force on 25th May 2018. It is designed to give individuals more control over their personal data, particularly data held by international companies. By harmonising data protection rules across the EU member states, it also makes it easier for companies around the world to comply. Why does this matter to you? How does it affect your retail store?



What does this mean for my shop?

Data is integral to successful modern retailers, meaning that collecting customer data to work out trends and shopping patterns is essential for growth and success. If you are not already collecting this data, and making use of it, you should be, as it can go a long way to helping you become a better retailer. So how should you be collecting this, and what changes will you need to make to comply with GDPR? Headline components of the new regulations are:

  • Ask for ‘unambiguous consent’ before processing personal data. Importantly, this means that pre-ticked boxes and silence no longer constitute consent; the customer must actively opt in.
  • Remove personal data from your database when an individual requests it (the ‘right to erasure’), subject to the limited exceptions the regulation allows.
  • Notify the supervisory authority (in the UK, the ICO) within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals.
  • Appoint a Data Protection Officer within your business if your core activities involve large-scale processing of sensitive (‘special category’) data or regular, systematic monitoring of individuals.

It is important to understand that the GDPR is relevant to any company, worldwide, that holds personal data about individuals in the EU and offers them goods or services or monitors their behaviour. This means that if you have an online store and sell into the EU, you will need to be compliant with the GDPR, even after the UK leaves the EU.



How can ePOS help with compliance?

Electronic Point of Sale (ePOS) providers should be making their systems compliant, ready for 25th May. Both our ePOS partners have pages dedicated to GDPR and to how they will help their customers with compliance. You can find these pages below:

It is important to understand that, even when using an ePOS system, you are classified as the ‘controller’ of the data, and the ePOS company is classified as a ‘processor’ of the data. Responsibility for obtaining consent, and for making the customer aware of how their data will be used, lies with you, not with the ePOS provider. Whilst we cannot make recommendations on your policies, you can see how we notify our own customers of their rights by reading our Privacy and Data Protection Policy, which we have published on our website.



Penalties for non-compliance

An understanding of these new regulations is vital, as there can be huge fines for those who find themselves on the wrong side of them. The sanctions that can be imposed for non-compliance include:

  • A written warning in the case of first and non-intentional non-compliance
  • Regular data protection audits
  • Fines up to €20m or up to 4% of annual worldwide turnover, whichever is greater

More details on these sanctions, and the considerations of when and how fines are imposed, can be found here.


This is just a brief overview of the new GDPR to bring your attention to how important it is for you, regardless of the size of your store. For more information please see the full GDPR guidelines here, and more information from ICO here.



Follow us on Twitter.
Email us at info@krcs.co.uk
Call us on 0115 9851797
