Food Safety
search
cart
facebook twitter linkedin
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Food Safety
  • NEWS
    • Latest News
    • White Papers
  • PRODUCTS
  • TOPICS
    • Contamination Control
    • Food Types
    • Management
    • Process Control
    • Regulatory
    • Sanitation
    • Supply Chain
    • Testing and Analysis
  • PODCAST
  • EXCLUSIVES
    • Food Safety Five Newsreel
    • eBooks
    • FSM Distinguished Service Award
    • Interactive Product Spotlights
    • Videos
  • BUYER'S GUIDE
  • MORE
    • ENEWSLETTER >
      • Archive Issues
      • Subscribe to eNews
    • Store
    • Sponsor Insights
  • WEBINARS
  • FOOD SAFETY SUMMIT
  • EMAG
    • eMagazine
    • Archive Issues
    • Editorial Advisory Board
    • Contact
    • Advertise
  • SIGN UP!

How GDPR affects the U.S. grocery industry

Several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts.

By Greg Sparrow
ComplianceData Greg Sparrow
May 1, 2018

The General Data Protection Regulation (GDPR) continues to be an important topic of conversation for U.S. companies. Since its inception, the GDPR has raised a number of questions as to whether businesses are properly prepared to comply.

The GDPR was adopted on April 27, 2016 and allotted a 2-year post-adoption grace period for businesses to strategize and implement their compliant approach. With only three months left, it has been reported that an estimated 61% of U.S. businesses are not ready for the regulation, and that only 67% of European-based businesses have begun moving into the implementation phase of their GDPR compliance program, according to a study produced by TrustArc, San Francisco. The potential fines have many concerned about compliance as the May 25 date of enforcement approaches, but businesses struggle with fully understanding the regulation, thus failing to launch a comprehensive plan.

Turning our focus to the grocery industry, several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts. For example, after Amazon, Seattle, Wash., acquired Whole Foods Market, Austin, Texas, in June 2017, the e-commerce giant became America’s fifth-largest grocery retailer. Outside of the benefit of concrete locations near its customers, the marketing data obtained through the acquisition provided Amazon valuable behavioral statistics on grocery-buying habits, patterns and product preferences.

The GDPR places Amazon’s acquired Whole Foods business unit under scope not only for its presence in the United Kingdom, but also due to its monitoring of European Union (EU) data subjects and attempt to offer them goods and/or services. Amazon’s practices most likely include the use of automated individual decision making against EU data subjects, requiring explicit consent under the GDPR. Processing is broadly defined in the regulation to include most actions that can be performed with data and can specifically refer to collection and storage, which in this case, would be under Amazon’s wheelhouse. The retailer must therefore have processes in place to honor nine distinct rights awarded to EU data subjects, and be able to operate under the guiding privacy principles defined within the GDPR. The regulation further dictates appropriate security efforts around the protection of personal data, establishes breach reporting requirements and increases risk associated with vendors processing this data. These expansive requirements make the process of marketing and vendor outsourcing more complex for anyone with a direct consumer relationship with EU data subjects.

Many smaller agencies may not be considering the new regulations as seriously as they should be, but past enforcement actions point to enforcement risk even with smaller agencies. The GDPR states that non-compliant companies posing a risk to EU citizens and their privacy can be fined up to $20 million or 4% of their global turnover for the previous fiscal year, whichever is greatest. It is important to note that this fine would be per violation. It can certainly be assumed that larger repercussions would be imposed in this hypothetical case, since case law suggests similar types of violations don’t stand alone and typically occur with others. 

There are several steps that companies must immediately embark on to mitigate their exposure to risk. A solid start begins with understanding GDPR regulation applicability to various parts of the business, and understanding each unit’s risk profile to establish priorities for the initiative. Once risk and priorities have been identified, it is critical for organizations to identify and establish their lawful basis for processing of this data.

Every industry has its own unique risk and operational challenges, and every business within has its own maturity relative to industry peers. Using the trusted counsel of a compliance firm helps to quickly identify both industry and organizational risk that, as a non-biased third-party, are often otherwise overlooked. A risk management and compliance consulting firm can help organizations quickly identify risk, formulate a plan to mitigate this risk and set up ongoing monitoring programs to maintain valuable records of compliance. 

Some have suggested the GDPR will set the global precedent for data privacy and security regulations.  Brazil and China have both showed interest in forming similar requirements to protect the privacy of its citizens’ personal information from businesses storing and transferring data across borders.

To adequately prepare for the GDPR and similar regulations, businesses must become educated on these regulations and determine how to conquer the requirements. Applicable processes and procedures can help minimize exposure to fines, but also provide an opportunity within the market to reassure customers and earn their trust.

 

This article was originally posted on www.refrigeratedfrozenfood.com.
KEYWORDS: data analytics data management General Data Protection Regulation risk management strategies

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Greg Sparrow is senior vice president and general manager of CompliancePoint, Duluth, Ga.

Recommended Content

JOIN TODAY
to unlock your recommendations.

Already have an account? Sign In

  • people holding baby chicks

    Serovar Differences Matter: Utility of Deep Serotyping in Broiler Production and Processing

    This article discusses the significance of Salmonella in...
    Testing & Analysis
    By: Nikki Shariat Ph.D.
  • woman washing hands

    Building a Culture of Hygiene in the Food Processing Plant

    Everyone entering a food processing facility needs to...
    Management
    By: Richard F. Stier, M.S.
  • graphical representation of earth over dirt

    Climate Change and Emerging Risks to Food Safety: Building Climate Resilience

    This article examines the multifaceted threats to food...
    Contamination Control
    By: Maria Cristina Tirado Ph.D., D.V.M. and Shamini Albert Raj M.A.
Manage My Account
  • eMagazine Subscription
  • Subscribe to eNewsletter
  • Manage My Preferences
  • Website Registration
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Food Safety Magazine audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Food Safety Magazine or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • mold
    Sponsored byIFC

    Tackling Mold Remediation in Food Processing Plants

  • a worker in a food processing plant
    Sponsored byLPS® DETEX®

    How a Beverage Facility Improved Food Safety and Compliance with Detectable Packaging Solutions

  • Two men standing in a produce storage facility having a discussion.
    Sponsored byOrkin Commercial

    Staying Compliant With FSMA

Popular Stories

smoked salmon in oil

Study Shows Food Type Significantly Affects Listeria’s Ability to Survive Digestion, Cause Sickness

straight-on view of u.s. capitol hill

Bill Reintroduced to Congress Would Require FDA to Systematically Reassess Food Chemicals

FSM podcast

Ep. 197. Jatin Patel: Lessons Learned and Best Practices for Handling a Recall

Events

July 15, 2025

Hygienic Design Risk Management: Industry Challenges and Global Insights

Live: July 15, 2025 at 11:00 am EDT: From this webinar, attendees will learn the importance of hygienic design to ensure food safety and sanitation effectiveness.

July 22, 2025

Beyond the Binder: Digital Management of Food Safety

Live: July 22, 2025 at 3:00 pm EDT: During this webinar, attendees will learn best practices for the use of digital food safety management systems across industry and regulatory agencies.

August 7, 2025

Achieve Active Managerial Control of Major Risk Factors Using a Food Safety Management System

Live: August 7, 2025 at 2:00 pm EDT: From this webinar, attendees will learn about changes to the FDA Food Code, which now includes a requirement for FSMS. 

View All

Products

Global Food Safety Microbial Interventions and Molecular Advancements

Global Food Safety Microbial Interventions and Molecular Advancements

See More Products
Environmental Monitoring Excellence eBook

Related Articles

  • From Bonds to Burritos: How the Increasing Criminalization of Regulatory Offenses Affects the Food and Beverage Industry

    See More
  • How Your GMP Program Affects the Bottom Line

    See More
  • Listeria Recall Affects Major U.S. Food Retailers

    See More

Related Products

See More Products
  • 1119053595.jpg

    Food Safety for the 21st Century: Managing HACCP and Food Safety throughout the Global Supply Chain, 2E

  • 1119258073.jpg

    FSMA and Food Safety Systems: Understanding and Implementing the Rules

  • 9781032369990 (1).webp

    Food Safety Quality Control and Management

See More Products

Related Directories

  • U.S. Packaging & Wrapping LLC.

    Focused on customer packaging solutions, U.S. Packaging & Wrapping can assist with product preservation and protection. Sales staff can assist with modified atmosphere packaging, shrink wrapping, and safely securing pallet loads. Call to speak with a representative today.
  • PATLITE (U.S.A.) Corp.

    Since 1947, PATLITE has offered state-of-the-art equipment for the process and industrial automation industries. Innovative and durable design, backed by years of industry experience and a strong commitment to safety and security, has made PATLITE the world's best known manufacturer of visual and audible signaling devices.
×

Never miss the latest news and trends driving the food safety industry

eNewsletter | Website | eMagazine

JOIN TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Directories
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • Instagram
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing