Bryan Cave Research Reveals 100% of Retail Websites Surveyed are Non-compliant with Incoming GDPR
A survey of almost 300 retail websites by international law firm Bryan Cave has revealed that 100% are non-compliant with the incoming General Data Protection Regulation (GDPR) which comes into force on 25 May 2018.
The GDPR will impose uniform data protection laws across the EU member states in an effort to harmonise national laws, and will thereby create additional obligations for many businesses that process personal data. The new law will apply to both EU and non-EU data controllers and data processors that either (1) offer goods or services to data subjects in the EU or (2) monitor data subjects’ behaviour insofar as their behaviour takes place within the EU. Failure to comply with the incoming GDPR may expose businesses to a fine of up to the greater of €20 million or 4% of annual revenue.
Nicola Conway, Associate in Bryan Cave's Technology, Entrepreneurial and Commercial Team and Coordinator of Bryan Cave's Website Review Service, commented: “Our GDPR Website Review Service has revealed a consistent lack of compliance across the customer-facing elements of UK e-commerce sites. Businesses are expected to make a multitude of internal organisational changes to ensure GDPR compliance ahead of May 2018 including, but not limited to, updating their websites. Our findings are undoubtedly indicative of deeper non-compliance throughout businesses generally, and that needs to change.”
Carol Osborne, London office Managing Partner and Partner in the Retail Team at Bryan Cave, commented: “Customer data is at the core of a retailer's business and the incoming changes in data privacy laws will have significant ramifications for these businesses. The worst case scenario is that previously collected customer data will be unavailable for use after May 2018 without risking substantial fines. With the compliance deadline just over 200 days away, time is running out for website operators to bring their websites into compliance and to complete the necessary internal assessments of their data collection and data protection practices.”
The Retail Team in Bryan Cave's London office undertook this research using the Bryan Cave Website Review Service that assesses and tests the GDPR-compliance of the customer-facing elements of e-commerce websites governed by English law.
Below is coverage of this survey by media outlets including:
Jan. 8, Financial Times (subscription required)
Nov. 14, Retail Times
Nov. 14, The Times’ Brief
About Bryan Cave LLP
Bryan Cave is a global law firm with more than 900 highly skilled lawyers in 26 offices in North America, Europe and Asia. The firm represents publicly held multinational corporations, large and mid-sized privately held companies, emerging companies, nonprofit and community organizations, government entities, and individuals. With a foundation based on enduring client relationships, deep and diverse legal experience, industry-shaping innovation and a collaborative culture, Bryan Cave’s transaction, litigation and regulatory practices serve clients in key business and financial markets.
+44 (0)20 7092 3994
+44 (0) 20 3207 1299
This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.