Retailers' poor IT disposal risks GDPR fines
Written by Peter Walker
Despite the General Data Protection Regulation (GDPR) coming into effect over four months ago, the majority of UK retail businesses are risking penalties by failing to adhere to some of the rules.
According to a survey of 1,002 UK workers in full or part-time employment, carried out by Probrand, the majority (57 per cent) of retailers failed to wipe the data from IT equipment they disposed of in the two months following GDPR.
The research also found that 72 per cent of all retailers do not have an official process or protocol for disposing of obsolete IT equipment and 70 per cent of retail workers do not know who to approach within their company in order to correctly dispose of old or unusable equipment.
Proband found that retail businesses - many of which will have customer addresses and contact information on their systems - are one of the worst offending industries in respect of safe and secure IT disposal.
The only industries more guilty of not clearing the memory of IT equipment before disposal in the months following GDPR were transportation (72 per cent), sales and marketing (62 per cent), manufacturing (59 per cent) and utilities (58 per cent).
Matt Royle, marketing director at Probrand, commented: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance, so it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.”
He warned that the fines involved in a GDPR breach can potentially run into the millions, while less tangible factors like reputational damage, customer trust and loyalty, “will ultimately become financially significant”.
Research from Frost & Sullivan in August found that UK consumers have only a marginal degree of trust in organisations to protect their digital data, while in June, instaprint research showed only 31 per cent of UK retail businesses are sufficiently prepared for GDPR, despite the legislation coming into effect on 25 May.
Law firm Howes Percival suggested in September that the GDPR has sparked a surge in e-commerce work for law firms stemming from concerns over terms and conditions of sales, but on a more positive note, earlier this week figures from Nosto stated retailr marketing emails are now almost a third more likely to be opened and produce two times more sales revenue.