The General Data Protection Regulation (GDPR), a new law that brings together two of the most sensitive areas of public policy, data protection and consumer rights, enters into force across the European Union (EU) in May 2018. The law is aimed primarily at tightening the rules on how businesses store and use the personal data of their customers, and in particular at increasing the penalties and sanctions on companies that fail to secure sensitive information. It will affect all 28 members of the EU, including the United Kingdom. As a mark of just how strictly the regulation is intended to be enforced, businesses operating within the region, whether physically or online, fall under its ambit no matter where in the world they are based.
Key features of the law include higher penalties for businesses that fail to secure their data, such as credit/debit card information and customer biodata, and a requirement to obtain explicit authorisation from customers before their data is stored. This includes an obligation not only to explain to customers what type of data is collected and how it will be used, but also to erase that data completely if they request it. While the change is advantageous from the perspective of a consumer or citizen, its effects are felt most acutely by small businesses.
Electronic Point of Sale (EPOS) systems are designed to provide an efficient way of interacting with customers, handle the figures inherent to any sales transaction, issue receipts, and deliver a range of other services. They optimise the way stores function by keeping track of stock and inventory, integrating with credit card payment systems, and managing customer information. They are a common feature in a range of business environments and are frequently seen in restaurants as well as retail settings.
Given the nature of EPOS setups, it is easy to see why the General Data Protection Regulation will have a major effect on how such systems are run in the future. As mentioned, managers and technical staff will now be required to ensure that software holding personal information is kept constantly updated, and to take all possible measures against potential data breaches. Penalties for a breach that results in a loss of privacy and confidentiality include a hefty fine of up to 4% of annual turnover. The breach could result from a physical theft or from a malware attack; either way, there will be no excuses for those found liable.
Businesses that also use EPOS systems to handle and analyse customer data would most likely be required to re-examine their privacy policies and put measures in place to ensure that consumers have full knowledge of, and give their consent to, the information collected, an almost unprecedented move in the industry.
The regulation builds upon the rules already imposed on credit/debit card transactions, as well as other privacy laws already in existence, but it makes it very costly for a business to be caught on the wrong side of the law. Accordingly, any potential data breach detected within a business's EPOS system must be reported to the relevant authorities within 72 hours.
Another key feature of the law change is that it introduces a regulatory obligation on businesses to incorporate the Privacy by Design concept into their system setups and operations, making them sensitive to consumer and data protection from the outset. In practice this means that workplace policies on how customers are dealt with, and on what information they are entitled to, will undergo a significant change. Legal obligations will now require consumer consent for any data that businesses previously believed they were entitled to collect upon the purchase of products.
The General Data Protection Regulation undoubtedly creates a more heavily monitored and regulated environment for businesses that use technologies such as EPOS to handle customer data. While complying will involve increased costs, staff time and effort, the process does not have to be as daunting as it seems.
Visit our site for further information on how to optimise and gear your EPOS system to meet the new regulations.