Data Protection – Considerations for Online Brands

The popularity of shopping online has undoubtedly made buying your favourite shoes or handbag even easier, but the ever-growing list of considerations for brands has only gotten longer! One of the main headaches is data protection.

For brands with an online presence already, or those just starting out online, a key consideration should be keeping your customers’ data safe.

Could online shopping be the end of the traditional experience?

What do I need to know?

In the UK, the Data Protection Act 1988 (DPA) contains certain obligations that anyone processing personal data must comply with. On your website, personal data will be things like your customer’s name, date of birth, address and so on. As the owner of a brand operating online, you may be considered the data controller under the DPA, and therefore the one responsible for protecting the data!

Always know whether you are responsible for keeping data secure!

One of your top priorities, regardless of whether you are a data controller or data processor, should be ensuring you have privacy and cookie policies displayed clearly on your site.

What’s a Privacy Policy?

A privacy policy simply sets out what you will do with the customer data you have collected. Before gathering data, you should make customers aware of why you need it. A wise move would be to ensure you have a privacy policy clearly visible on your website, explaining to customers what data you are collecting and why.

Data should only be collected for a lawful purpose (so for the processing of those new orders flowing in!) and you should make sure you tell customers when you make any changes to why you are collecting the data.

Don’t forget to let your customers know why you are collecting their data, as well as saying “thank you” for the purchase!

You always need to ensure you collect the data securely too, and don’t keep it for longer than needed.

If you send or plan on sending marketing emails (those wonderful discount emails), you should mention this in your policy.

What’s a Cookies Policy?

Cookies are text files implanted onto customers’ hard drives, which enable you to collect information about the person such as their name, address and user preferences. You can then tailor and personalise their shopping experience, and remove annoying tasks such as requiring a customer to re-enter their details before they can shop again. That way they can shop hassle free and even faster!

We love cookies!

Cookies can therefore be a really valuable way of finding out about your customers, and encouraging them to return to spend more! You must however make sure you get consent from your customers for the use of cookies, and so a clear cookies policy on your website is a must. This needs to explain why you are using cookies and note that customers always have to opt-in.

Don’t forget about your employees!

You should also remember that data protection applies to employees too! To help guide us through the key data protection considerations for employers and employees, I have asked Razia Begum (our super Senior Associate, specialising in employment law, at Taylor Vinters) to answer some questions that commonly crop up.

An interesting fact about Razia is that not only is she a fantastic employment lawyer, but she also completed a course in fashion design and marketing at prestigious fashion college, Central St Martins – who could therefore be better placed to talk about this?!

Introducing Razia Begum, Employment Law Extraordinaire!

FTL: So Razia, what are the main risks we should be aware of?

Razia: In this day and age data is increasingly centralised and managed digitally. Staff data (including financial and sensitive personal data), which is often not adequately protected by employers, may be more susceptible to falling into the wrong hands and being distributed for the wrong reasons.

Employers have a positive obligation to look after employees’ data and a data breach could prove costly. It may also lead to considerable reputational damage and embarrassment for the company.

If a breach does occur, employees may also be able to bring claims such as breach of privacy, confidentiality and data protection law. The success of claims such as these relies largely on the degree of financial loss suffered by an employee as a result of the breach.

FTL: What should employers do?

Razia: They should set up effective data protection and fraud prevention (in relation to confidential data as well as revenue) policies, which are implemented and enforced as required. The processes and procedures within such policies should also tie into the organisation’s HR policies and provide for regular awareness training, for example, the key dos and don’ts of compliant big data usage.

Employee data security is key!

Companies should also ensure they have appropriate policies in place in respect of “bring your own devices” (or BYOD) and remote working if applicable, as both of these can significantly increase the chances of a data breach.

FTL: Thanks Razia, for the stellar input! Lots to consider when looking after your employees’ data.

FTL Round-up

Although the focus should be on prevention rather than cure, in a digital world where online shopping is the norm, breaches are unfortunately almost inevitable, however big or small. Brands should therefore also have robust emergency response plans in place, ready to execute should a data breach occur.

Online shopping is great, but you can’t beat the hustle and bustle of Oxford Street – or maybe that’s just me!

Data protection can be a mind-boggling subject and this post only highlights a few key taster points! So for more information on data protection feel free to get in touch via the contact me page.