Time is running out for retailers to ensure compliance with new data protection laws or face stiff penalties, a law firm has warned.
The General Data Protection Regulation (GDPR), which applies from May 25 2018, will place greater emphasis on the way in which businesses process personal data, with a series of changes around the collection, storage and usage of information relating to individuals.
There will be increased requirements on organisations to keep records and implement policies, as well as changes to the procedure and time frame for data retention, reporting data breaches and responding to access requests. Businesses must also be more transparent in relation to how personal data is used, and could be made to appoint a data protection officer in some circumstances.
Organisations must take steps to review their processes and documentation to ensure they are compliant before the May deadline – and now is the time to act, according to specialist retail law firm Gordons.
Andrew Logan, head of regulatory at Gordons law firm, said: “GDPR signals a huge change in the way in which businesses process personal data, giving more rights for the individuals and placing greater responsibility on the business which holds the data. It is the biggest change we’ve seen in 20 years.
“Retailers may need to implement, change or review their processes and there is a lot to consider, covering every aspect of how data is collected, stored and used. This includes how long it is retained, procedures for reporting data breaches, considerations for transferring data outside of the European Economic Area, employment contracts and even staff awareness.
“With so much to consider, it is important to act now. Those businesses putting it off until the deadline will find they simply cannot do everything in time – putting themselves at risk of serious financial penalties for non-compliance.”
Gordons is offering tailored support packages to help organisations prepare for the new regulations and ensure compliance ahead of the upcoming deadline.
Andrew added: “We’re already using our experience within the sector to support clients in reviewing their processes and documentation, making sure that they are meeting the requirements well in advance of the changes coming into force.”