Data Protection – Considerations for Online Brands

The popularity of shopping online has undoubtedly made buying your favourite shoes or handbag even easier, but the ever-growing list of considerations for brands has only gotten longer! One of the main headaches is data protection.

For brands with an online presence already, or those just starting out online, a key consideration should be keeping your customers’ data safe.

Shops

Could online shopping be the end of the traditional experience?

What do I need to know?

In the UK, the Data Protection Act 1988 (DPA) contains certain obligations that anyone processing personal data must comply with. On your website, personal data will be things like your customer’s name, date of birth, address and so on. As the owner of a brand operating online, you may be considered the data controller under the DPA, and therefore the one responsible for protecting the data!

Padlock 2

Always know whether you are responsible for keeping data secure!

One of your top priorities, regardless of whether you are a data controller or data processor, should be ensuring you have privacy and cookie policies displayed clearly on your site.

What’s a Privacy Policy?

A privacy policy simply sets out what you will do with the customer data you have collected. Before gathering data, you should make customers aware of why you need this. A wise move would be to ensure you have a privacy policy clearly visible on your website, explaining to customers what data you are collecting and why.

Data should only be collected for a lawful purpose (so for the processing of those new orders flowing in!) and you should make sure you tell customers when you make any changes to why you are collecting the data.

Shopping cart area

Don’t forget to let your customers know why you are collecting their data, as well as saying “thank you” for the purchase!

You always need to ensure you collect the data securely too, and don’t keep this for longer than needed.

If you send or plan on sending marketing emails (those wonderful discount emails), you should mention this in your policy.

What’s a Cookies Policy?

Cookies are text files implanted onto customers’ hard drives, which enable you to collect information about the person such as their name, address and user preferences. You can then tailor and personalise their shopping experience, and remove annoying tasks such as requiring a customer to re-enter their details before they can shop again. That way they can shop hassle free and even faster!

Cookies

We love cookies!

Cookies can therefore be a really valuable way of finding out about your customers, and encouraging them to return to spend more! You must however make sure you get consent from your customers for the use of cookies, and so a clear cookies policy on your website is a must. This needs to explain why you are using cookies and note that customers always have to opt-in.

Don’t forget about your employees!

You should also remember that data protection applies to employees too! To help guide us through the key data protection considerations for employers and employees, I have asked Razia Begum (our super Senior Associate, specialising in employment law, at Taylor Vinters) to answer some questions that commonly crop up.

An interesting fact about Razia is that not only is she a fantastic employment lawyer, but she also completed a course in fashion design and marketing at prestigious fashion college, Central St Martins – who could therefore be better placed to talk about this?!

Razia-Begum

Introducing Razia Begum, Employment Law Extraordinaire!

FTL: So Razia, what are the main risks we should be aware of?

Razia: In this day and age data is increasingly centralised and managed digitally. Staff data (including financial and sensitive personal data), which is often not adequately protected by employers, may be more susceptible to falling into the wrong hands and being distributed for the wrong reasons.

Employers have a positive obligation to look after employees’ data and a data breach could prove costly. It may also lead to considerable reputational damage and embarrassment for the company.

If a breach does occur employees may also be able to bring claims such as breach of privacy, confidentiality and data protection law. The success of claims such as these relies largely on the degree of financial loss suffered by an employee as a result of the breach.

FTL: What should employers do?

Razia: They should set up effective data protection and fraud prevention (in relation to confidential data as well as revenue) policies, which are implemented and enforced as required. The processes and procedures within such policies should also tie into the organisation’s HR policies and provide for regular awareness training, for example, the key dos and don’ts of compliant big data usage.

Padlock 1

Employee data security is key!

Companies should also ensure they have appropriate policies in place in respect of “bring your own devices” (or BYOD) and remote working if applicable, as both of these can significantly increase the chances of a data breach.

FTL: Thanks Razia, for the stellar input! Lots to consider when looking after your employees’ data.

FTL Round-up

Although the focus should be on prevention rather than cure, in a digital world where online shopping is the norm, breaches are unfortunately almost inevitable, however big or small. Brands should also therefore have robust emergency response plans in place ready for execution should a data breach occur.

Tottenham Court Road and Oxford Street

Online shopping is great, but you can’t beat the hustle and bustle of Oxford Street – or maybe that’s just me!

Data protection can be a mind-boggling subject and this post only highlights a few key taster points! So for more information on data protection feel free to get in touch via the contact me page.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s