Several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts.

May 1, 2018

The General Data Protection Regulation (GDPR) continues to be an important topic of conversation for U.S. companies. Since its inception, the GDPR has raised a number of questions as to whether businesses are properly prepared to comply.

The GDPR was adopted on April 27, 2016 and allotted a 2-year post-adoption grace period for businesses to strategize and implement their compliant approach. With only three months left, it has been reported that an estimated 61% of U.S. businesses are not ready for the regulation, and that only 67% of European-based businesses have begun moving into the implementation phase of their GDPR compliance program, according to a study produced by TrustArc, San Francisco. The potential fines have many concerned about compliance as the May 25 date of enforcement approaches, but businesses struggle with fully understanding the regulation, thus failing to launch a comprehensive plan.

Turning our focus to the grocery industry, several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts. For example, after Amazon, Seattle, Wash., acquired Whole Foods Market, Austin, Texas, in June 2017, the e-commerce giant became America’s fifth-largest grocery retailer. Outside of the benefit of concrete locations near its customers, the marketing data obtained through the acquisition provided Amazon valuable behavioral statistics on grocery-buying habits, patterns and product preferences.

The GDPR places Amazon’s acquired Whole Foods business unit under scope not only for its presence in the United Kingdom, but also due to its monitoring of European Union (EU) data subjects and attempt to offer them goods and/or services. Amazon’s practices most likely include the use of automated individual decision making against EU data subjects, requiring explicit consent under the GDPR. Processing is broadly defined in the regulation to include most actions that can be performed with data and can specifically refer to collection and storage, which in this case, would be under Amazon’s wheelhouse. The retailer must therefore have processes in place to honor nine distinct rights awarded to EU data subjects, and be able to operate under the guiding privacy principles defined within the GDPR. The regulation further dictates appropriate security efforts around the protection of personal data, establishes breach reporting requirements and increases risk associated with vendors processing this data. These expansive requirements make the process of marketing and vendor outsourcing more complex for anyone with a direct consumer relationship with EU data subjects.

Many smaller agencies may not be considering the new regulations as seriously as they should be, but past enforcement actions point to enforcement risk even with smaller agencies. The GDPR states that non-compliant companies posing a risk to EU citizens and their privacy can be fined up to $20 million or 4% of their global turnover for the previous fiscal year, whichever is greatest. It is important to note that this fine would be per violation. It can certainly be assumed that larger repercussions would be imposed in this hypothetical case, since case law suggests similar types of violations don’t stand alone and typically occur with others.

There are several steps that companies must immediately embark on to mitigate their exposure to risk. A solid start begins with understanding GDPR regulation applicability to various parts of the business, and understanding each unit’s risk profile to establish priorities for the initiative. Once risk and priorities have been identified, it is critical for organizations to identify and establish their lawful basis for processing of this data.

Every industry has its own unique risk and operational challenges, and every business within has its own maturity relative to industry peers. Using the trusted counsel of a compliance firm helps to quickly identify both industry and organizational risk that, as a non-biased third-party, are often otherwise overlooked. A risk management and compliance consulting firm can help organizations quickly identify risk, formulate a plan to mitigate this risk and set up ongoing monitoring programs to maintain valuable records of compliance.

Some have suggested the GDPR will set the global precedent for data privacy and security regulations. Brazil and China have both showed interest in forming similar requirements to protect the privacy of its citizens’ personal information from businesses storing and transferring data across borders.

To adequately prepare for the GDPR and similar regulations, businesses must become educated on these regulations and determine how to conquer the requirements. Applicable processes and procedures can help minimize exposure to fines, but also provide an opportunity within the market to reassure customers and earn their trust.

This article was originally posted on www.refrigeratedfrozenfood.com.

Greg Sparrow is senior vice president and general manager of CompliancePoint, Duluth, Ga.

Using a Quality Management System as a Competitive Advantage

LIVE: March 9, 2021 at 2:00 pm EST: During this webinar, you’ll hear insights, best practices, and lessons learned from an expert panel with experience transforming their quality processes in the food and beverage industry. You’ll also learn how to best leverage rapid digitization to accelerate your quality journey.

How Can Data Science Boost Food Safety?

LIVE: March 16, 2021 at 2:00 pm EDT: Join our live webinar with industry thought leaders to explore the potential power of new technology in improving food safety. We’ll explore how machine learning and big data scanning solutions can help support food safety and traceability when combined with sector expertise.

Global Food Safety Culture Series: Australia

LIVE: March 23, 2021 at 1:00 pm AEDT: The Global Food Safety Series meets you where you live! Continuing with Australia on March 23, regional cultures will be explored at a macro level by Lone Jespersen, Ph.D., Cultivate, the impact of these regional cultural differences on food safety will be discussed by 3M Food Safety, and a practical case will be illustrated by a food safety professional at a food company operating in the specific region under study.

Poll

Food Safety Budget

View Results

Poll Archive

Products

Trends in Food Safety and Protection

Trends in Food Safety and Protection explores the recent developments and ongoing research in the field of food safety and protection. The book covers improvements in the existing techniques and implementation of novel analytical methods for detecting and characterizing foodborne pathogens.

See More Products

How GDPR affects the U.S. grocery industry

Several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts.

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest science-based solutions for food safety.

How GDPR affects the U.S. grocery industry

Several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but also through international marketing efforts.

Related Articles

How to tackle power outages in the food, beverage industry

How the clean label trend is changing the way supplement ingredients are perceived

State of the Industry 2018 Overview: Perspectives from top bakery industry leadership

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest science-based solutions for food safety.