Retailers warned about new cyber rules

The Trinity Shopping Centre, Leeds. All retailers must guard against cyber security breaches.

BRITAIN’S biggest retailers have been warned they could face colossal fines if they ignore new cyber security regulations that are being imposed across the European Union.

The new EU data protection framework, the national living wage and the apprenticeship levy were listed among the “reasons to be fearful” at a retail seminar held in Leeds by professional services firm PwC.

However, the Retail & Consumer breakfast briefing also found that UK retailers had plenty of reasons to be cheerful. In particular, PwC highlighted the positive economic outlook, the UK interest rate environment and the fact consumers are feeling confident.

Mick Gorrill, the head of data protection enforcement and regulatory affairs at PwC Legal, warned the audience, which included representatives from major retailers, that they must be prepared for new EU-wide rules on cyber security. Many analysts expect the new legislation to come into force in 2018, but professional services firms like PwC believe retailers must lay the groundwork for the changes now.

Speaking after the seminar, Mr Gorrill told The Yorkshire Post: “Any organisation that collects personal information is a data controller. So that’s everybody who does business.”

He stressed that companies needed to be very careful when handling data about their staff and customers.

He added: “The basis of this is an individual’s privacy. If you’re collecting personal information, you have to do so fairly and lawfully, and you have to keep it secure.

“The General Data Protection Regulation which has been ratified in the EU... comes directly into domestic law in all EU member states.

“It’s not sufficient to say that if you’ve been subject to a hacking, ‘It was a criminal, it’s not our fault’, as you might do if your house was broken into.

“What the regulator will say is, ‘Did you secure it? Did you have up-to-date security on your software?’

“And if you didn’t, then you’re likely to be fined by the regulator. The fines could be massive. It could be up to four per cent of global annual turnover. That is a colossal amount.

“But also within GDPR they are now allowing for individual class actions for distress. So... if I’m upset my personal information has been lost, I can now seek compensation.

“So if you lose 100,000 records, and everybody is trying to get £1,000 from you, that even makes a massive fine look insignificant.”

During the seminar, Kien Tan, the director of PwC’s strategy for retail and consumer, told the audience that department stores remained among the winners in the Christmas trading period, along with household retailers.

Fashion retailers enjoyed a bounce back after a mild autumn, while lifestyle brands are also experiencing a resurgence, according to Mr Tan.

However, grocery was a more complex picture, with polarisation not as evident as in the past, Mr Tan said. Consumer sentiment is at an eight-year high and the economic gap between old and young is narrowing, according to PwC research.

The PwC Retail & Consumer breakfast in Leeds also highlighted potential future costs to retailers, such as logistics and rents.