RETAIL AND E-COMMERCE
Top 5 Common Data Protection Mistakes in the Retail and E-commerce Sector.
Data protection is important for any business, regardless of sector, and businesses in the retail and e-commerce sector face some unique hurdles and threats in this field. The following are five of the most common mistakes we encounter when auditing and consulting in this sector.
- Not handling their supply chain – Last year there was a 78% increase in supply chain attacks. A supply chain attack is one where your supplier’s systems are exploited to launch a cyber-attack against you. However, many retailers are still not conducting due diligence on their suppliers and, in many cases, lack the legally required contracts or other legal agreements.
- Holding data too long – Under GDPR you should not be holding data indefinitely, yet many retailers and e-commerce agencies do this, with some keeping entries in marketing databases for many years or more. It is important to regularly review the data that you hold and to securely dispose of the data that is no longer in use. We recommend having a data retention policy that states how long different types of data are held.
- Not complying with marketing regulations – In the UK there is a piece of legislation called the Privacy and Electronic Communications Regulations (PECR), which sets restrictions on the use of personal data for marketing. The most common mistake we see regarding this is where people are added to mailing lists when they make a purchase but are not given the opportunity to opt out.
- Poorly written privacy notices – Data protection legislation requires you to inform your customers of a number of things. In our experience, these notices are often missing, incomplete, vague or incorrect.
- Having no breach response plan – Studies show that between 60% and 70% of businesses affected by a cyber-attack close down within 6 months of the incident, yet many of the retailers and E-commerce organisations we audit still lack a plan to respond to these incidents. The key to not being one of these statistics is to have a robust plan in place that has been tested. If you are stuck, our template is a great place to start.
…To be continued in Part 2
If you want to speak to one of our experts about any of the content in this article, you can book a free 30-minute, no-commitment consultation here.


