When the European Union’s General Data Protection Regulation went into effect in May, the new mandate affected organizations far beyond the boundaries of the EU. GDPR’s requirements that organizations protect the privacy of any personal data they handle apply to the personal information of EU residents wherever it may exist in the world. This means a vast number of businesses in the U.S. and elsewhere are affected.
Retailers should pay particular attention to GDPR compliance. Because these businesses handle a large volume of personal information (such as credit card data and shopping histories), retail may be the industry most affected by the regulation.
The penalties for failing to comply are quite steep. While regulators appear willing to work with organizations as they proceed toward full compliance, they can potentially impose fines up to €20 million (roughly $23 million) or as much as 4 percent of a company’s total revenue. That’s a significant hit to the bottom line of any business.
How to Achieve Compliance
Obviously, retailers want to avoid noncompliance and the heavy fines that may accompany it, but meeting the regulation’s mandates can be challenging.
One of the primary challenges of GDPR is that retailers must identify where they store, process and transmit personal information protected by the regulation, such as in transactional databases, customer loyalty programs, credit card processing systems and business analytics programs. Organizations must also comply with consumer requests for information detailing what personal data is retained. To meet such a request, a retailer must identify every place where personal information is stored and implement a way to retrieve the information and provide it to the consumer.
Consumers also have what is called the “right to be forgotten,” which allows them to request that organizations purge their personal information from data processing and storage systems.
Technology for GDPR Compliance
Numerous technical solutions can help retailers achieve GDPR compliance. These technologies address the challenges of the data regulation in a wide variety of ways, including compliance tools, secure data storage solutions and network security tools to protect information as it is being transmitted.
Several vendors have governance, risk, and compliance solutions, which establish a centralized monitoring system to manage an organization’s obligations. These tools help an organization’s personnel map compliance efforts to specific security and privacy controls and assist with assessments, audits and remediation operations.
GDPR’s data protection requirements create a compliance burden that storage solutions with built-in encryption features can help meet. Some vendors market solutions specifically for GDPR compliance that provide encryption key management and ensure private information is protected with strong encryption.
Retailers should also consider network security tools such as email encryption and web security gateways to protect data being transferred to customers, vendors and business partners.