Is your business GDPR ready? Well, all you need to know about GDPR compliance

 

Often, we talk about the data protection and our personal data being used by companies to personalise the customer experience which is collected by various means. When you think of your local grocery store, large retailers, off-licence, Pubs, Cafes or beverage company like Coke cola and Pepsi, personal data and data protection may not come to mind. Those in the food and beverage business, should evaluate how they manage information obtained through loyalty card programs, mailing lists, and e-receipts, social media platforms, that’s where the General Data Protection Regulations pops in.

Let’s understand what is GDPR. 

The General Data Protection Regulation (GDPR) took effect in all EU member states on May 25, 2018. The GDPR establishes a single European data protection law, resulting in a considerable standardisation of data protection regulations and standards across the EU. Having a single horizontal framework law to comply with will assist businesses, promote responsibility when dealing with personal data, and ensure that data protection rules are consistent across the EU.

7 Key Principle of GDPR 

Lawfulness, fairness and transparency 

Obtain the information in a legal manner, completely notify the individual, and maintain the trust of the customer.

Purpose Limitation 

Collected for specific, stated, and legal purposes and not further processed in a way that is incompatible with those goals Further processing for public interest archiving, scientific or historical research, or statistical reasons shall not be considered incompatible with the initial purposes. 

Data Minimisation 

Appropriate, relevant, and restricted to what is required for the purposes for which they are processed  

Accuracy 

Data should be accurate and up to date. Every reasonable action must be taken to ensure that incorrect personal data is destroyed or rectified as soon as possible, taking into account the purposes for which they are processed.

Storage Limitations 

This principle refers to data minimisation and specifies that personal data shall be "maintained in a form that allows data subjects to be identified for no longer than is necessary. You'd have to decide on a retention time for the personal data you acquire and prove that it's necessary for your unique goals. Remember to keep track of everything. 

Integrity 

The concept of integrity and confidentiality requires you to handle personal data with care, including safeguarding against unauthorised processing and unintentional loss, destruction, or damage. To secure your customers identities, you must employ effective solutions.

Accountability 

You are accountable for adhering to the GDPR's standards. All policies that govern the gathering and processing of data must be thoroughly documented under the new regulation. Every stage of your hotel's data management must be meticulously formulated and justified in written form. When authorities ask for proof of GDPR compliance, you must be able to show the authorities the documentation that confirm it.

Well, what are key points to be considered for businesses in food and beverage industry?

In practice, gathering information is a vital component of providing excellent customer service and ensuring that consumers receive a more personalised and customised service. With that in mind, we've compiled a list of issues that any company in the food and beverage industry should prioritise when preparing for GDPR.

Accountability: Under GDPR, companies must be accountable and able to demonstrate how they comply with data protection legislation and, in most cases, document it. This could entail rethinking consent capture techniques, renewing fair processing methods and evaluating privacy notifications. For many, this will involve going over data protection information on websites, online application forms, interactive voice recordings, call centre scripts, proposal and application forms, renewal letters, and annual account statements once more. 

Legal basis for Processing: Article 6 GDPR lays out the legal grounds for processing personal data. Individual consent is required for the following reasons: performance of a contract; compliance with a legal obligation; protection of a person's vital interests; performance of a task carried out in the public interest; or pursuit of the company or organisation's another's legitimate interests. Companies may have relied on consent and legitimate interests in the food and beverage industries to process personal data prior to GDPR. In examining the legal bases under GDPR, a great deal will rely on how and why you proceed.

Consent: Article 7 of the GDPR has tightened the requirements for legitimate consent as a legal basis for data processing. It's important to think about whether consent was freely provided, and the individual should be able to withdraw consent for processing at any moment. Consent should not be taken for granted and must be secured prior to data processing.

Retention Policy: How long will your company keep a person's personal information?

A variety of factors will have an impact on this. Depending on the nature of your business, you may be subject to legal restrictions. Keep the data for as little time as possible in accordance with your business's needs, store it securely while it's in your control, and make sure to delete it completely and safely when the time comes.

Transparency: One of the GDPR's fundamental criteria for data protection. It essentially mandates that information be communicated to customers on the acquisition and processing of their data in a clear and straightforward language in a simple, and easily accessible way.

Breach of Personal Data: Breach of personal data can have serious effects, both financially and in terms of reputation. Data breaches must be reported to the local data protection authority within substantially shorter timeframes than before under the GDPR. Customers who are affected by a data breach that poses a high risk to their privacy rights must be notified as soon as possible.

Conclusion 

This is just a sample of the modifications that will be implemented as a result of GDPR. Businesses in the food and beverage business must understand what data they collect, what they do with it, and what their clients or consumers require. Under the GDPR, large fines of up to €20 million or 4% of annual turnover can be imposed, and customers can seek compensation if personal rights are violated. Businesses should assess and revise their data collection policies and procedures.

                                   

Author -  Pramod Kareppanavar

                   Msc Digital Marketing, Dublin Business School

 

Reference:

Everything you need to know about GDPR compliance (2019) GDPR.eu. Available at: https://gdpr.eu/compliance/ (Accessed: 2 June 2021).

GDPR and the pub – Drinks Industry Ireland (no date). Available at: https://www.drinksindustryireland.ie/gdpr-and-the-pub/ (Accessed: 2 June 2021).

GDPR Update: Data Security in the Food & Beverage Industry Mason Hayes Curran (no date). Available at: https://www.mhc.ie/latest/insights/gdpr-focus (Accessed: 2 June 2021).

How business process management propels retail, beverage companies toward GDPR compliance (no date). Available at: https://www.refrigeratedfrozenfood.com/articles/94989-how-business-process-management-propels-retail-beverage-companies-toward-gdpr-compliance?v=preview (Accessed: 2 June 2021).

Focus Keyword - Data protection, Personal data protection, Importance of GDPR, GDPR compliance, Data breach, Data storage, GDPR for food and beverage industry. GDPR readiness, 

Hashtags - #gdprcompliance #gdprcompliant #gdprfines #gdprcompliancechecklist #beverageindustry