NEW EU data protection regulations governing how businesses collect, store and distribute information have come into force.
The General Data Protection Regulation (GDPR) went live on 25 May and it applies to all businesses that handle personal data.
Under the new rules retailers are obliged to get consent from customers when handling data.
Scenarios when consent would be required include when processing an online delivery or signing a customer up to a loyalty scheme. Retailers who do not expressly state how data provided by customers will be used, and gain consent for this use, could be landed with a heavy fine.
GDPR also governs how business must respond to a data breach.
Alison Bryce, a partner at legal firm Dentons recommended retailers keep detailed written records on the location of data, third party contacts and consent obtained from customers.
She said: “Retailers should review current consent procedures. Consent obtained pre-GDPR may have to be re-obtained if it does not fulfil the new requirements.
“Similarly, all third party contracts should be reviewed. It is likely that additional contracts will need to be drafted for third party processors.”
