The Retailer SUMMER 16_v7

risks and security

“Even after the UK ceases to be a member state, the GDPR’s provisions will still be relevant to UK businesses...”

While this approach might risk over-compliance (and so each project will need to be considered on its facts), that risk pales alongside the substantial financial and business risks that would potentially attend non-compliance.

DSM?

Similar conclusions apply to the digital single market agenda (DSM) currently being developed as an EU Commission priority. Key elements of the DSM proposals published in December 2015 point towards full harmonisation of consumer protection laws where goods and services are sold online. Other proposals include prohibition of “geo-blocking” unless objectively justified – with a strong indication that there can be no justification for blocking access in any EU member state to online content sold in another. Again, the UK’s continuing business relationship with EU member states will mean that either DSM or a regime closely modelled on DSM is likely to apply. Prepare for compliance, and avoid the risk of exclusion from key markets.

Beyond Mere Compliance

The risks that flow from hacking or data breach are, of course, not confined to administrative fines and a potential liability to compensate anyone directly affected. As many businesses have already found, a major data breach can inflict serious reputational damage, in some cases triggering sharp falls in share value and fatally undermining consumer trust and confidence. UK-based fraud prevention company Semafone found in 2015 that 86.55 percent of 2,000 respondents stated that they were “not at all likely” or “not very likely” to do business with an organization that had suffered a data breach involving credit or debit card details. The numbers were slightly lower if home and email addresses and telephone numbers had been lost. In a 2011 US-based report, Experian and the Ponemon Institute concluded that the reputational fallout from a serious data breach can shave between 17% and 31% from brand value.

Data protection is a matter of law. Cyber-security is a matter of survival.

GAVIN MATTHEWS AND PETER GIVEN // gavin.matthews@bonddickinson.com // www.bonddickinson.com

retailer | summer 2016 | 33
