As a developer and provider of stock management and EPoS systems, it’s inevitable that we will be an integral part of a retailer’s business. And so, with GDPR coming fully into law on May 25th, we’ve been actively working with our clients to help them along their path to GDPR compliance. Worryingly, recent research suggests that less than 40% of businesses are aware of GDPR, with less than 40% of those actively planning compliance, according to the Department for Digital, Culture, Media and Sport.
Your IT systems must be designed with privacy in mind. Some businesses believe GDPR is just about marketing, but that’s just one aspect of this new pan-European regulation. For example, personal data processed for marketing has to comply with the appropriate legal basis for that processing (usually consent, or legitimate interest). If an individual exercises his rights under the new regulations to have his data removed, you must remove it, including from any backups that you hold (except for data you are required to keep by law).
Similarly, you should have processes in place which document what data you hold and where, so the details can be provided to anyone who asks for them.
Our bsmart system incorporates much of the functionality required to reach compliance, including staff access controls, prompts for salespeople to ask for marketing consent, tracking of that consent and data management for Subject Access Rights or data removal.
It’s just one step on the road, but it’s a step we can help you take. For more information, please contact firstname.lastname@example.org.
The information contained in this article is for guidance and should not be taken as legal advice; you should consult your IT and legal advisors.