It’s both your responsibilities!

May 25th 2018

It came 

And it went

And the world didn’t end!

So why are we talking about the GDPR now when the law came into effect over 2 years ago?

The reality of the situation is that once the initial panic ran out of steam, businesses realised that nobody was going to be knocking on their door to demand to see what they have done about meeting their new legal requirements.

In the franchise world the level of confusion leading to non-activity is ramped up a little.

As legal entities, franchisees are responsible for meeting, managing and evidencing exactly what they have done and are doing to meet their legal obligations. In fact, isn’t this the attraction of becoming a franchisee in the first place? 

It’s fair to say that a lot of franchisees assume that data protection is all sorted by the franchisor.

Some parts are – but a privacy policy given to you by your franchisor does not a data protection safety bubble make!

What about Franchisors?

Changes in data protection law mean that you now need to be concerned with what ALL of your franchisees are doing to meet their legal requirements with data protection.

‘But it’s none of my business!’ I hear you cry.

Technically you may be correct but think about this 

Whose brand will be in the local paper if your franchisee is not doing what they are supposed to be doing?

So I guess you have a choice – you can shout the oft used line of ‘ it’s the franchisees responsibility’ and hope that nothing bad happens OR you can help, you can manage, you can use your pro-active stance on data protection as a badge of honour .

Isn’t this the reason your franchisee chose you in the first place?

How did we end up working with the franchising sector?

It’s fair to say that when we first started GDPR Systems best part of 4 years ago, we didn’t really know which industry/sector we would be working in.

We had a great idea but more important was the driving force behind the idea.

It was very simple.

How do we help everyday businesses get to grips simply and easily with what can be a complicated law.

People always seem to choose the path of least resistance and for most SME’s data protection seems to consist of having an up to date privacy policy – which is only the tip of the iceberg!

It took us a long time to find it but I’m proud to say that we’ve found our niche.

We partner with like minded franchisors to help them and their franchisees get up to speed and be able to pro-actively manage their responsibilities.

The partnerships – and they are working partnerships – have a very simple motivation – everybody involved should benefit.

Franchisor, franchisee and us.

If they are not wired this way then we can’t help.

It’s a partnership in the strongest sense of the word.

And it’s something we are very proud of.

May the journey continue for a long time :0)

What’s your journey been like?

#franchising #franchisor #franchisee #GDPR

GDPR, CCTV and convenience stores


GDPR is a new regulatory framework which is due to come into effect on 25th May 2018. It will standardise and make businesses accountable for the personal information they hold of people within the European Union – this includes the UK, regardless of Brexit.

CCTV images and audio are seen as personal data and under the new regulations will need to be taken much more seriously when it comes to data protection.

CCTV has long been the weapon of choice in the fight against crime for convenience stores. Intelligent store layout and shrewd placement of cameras is a proven strategy, particularly at entrances, exits and till points.

Convenience stores will have many unique challenges, and will face a very specific and diverse set of issues on a daily basis. Cameras will be used for everything from monitoring age restricted sales to self-service tills to anti-social behaviour.

In addition, many stores have extra cameras in areas such as stock rooms and staff areas, to help deter any internal theft. Staff theft can take many forms such as price overrides, taking cash from the till, double ordering or fraudulent refunds. Aiming to prevent these types of theft is a justification for a CCTV system, particularly if it’s something that’s happened before.

In terms of customer theft, certain higher value items like meat and alcohol may also require CCTV surveillance and again this is acceptable under the new directive. However, once GDPR comes into force, camera location and purpose will need to be scrutinised and documented in more detail than before and the purpose of each camera should be very clear. Staff must also be fully informed and trained on all policies and procedures that the company has in place regarding the store’s use of CCTV.

Fines for a lack of adherence to the GDPR can top 4% of annual turnover – a massive deal for a small convenience shop.

Whilst some smaller convenience store groups and individual stores may be exempt from certain aspects of the GDPR, all convenience stores will be faced with other issues such as, for example, if a child is caught stealing from the shop the owner may see this as a personal grievance and wish to show the CCTV evidence to the child’s parents. Under the new legislation however, this could cause issues with privacy and a small business owner should be cautious. Additionally, convenience stores are often located in built up areas or housing estates and privacy of local residents is vital. Store owners should be certain that any external CCTV cameras do not inadvertently ‘look’ into people’s gardens or private property.

What do convenience stores need to do?

There are many ways in which to get lost in the GDPR, however there are some core elements which need to be actioned.

Each store should;

  • Conduct privacy impact assessments
  • Register with the ICO
  • Have in place policies and procedures relating to
  • Good governance in the use of CCTV systems
  • Personal data requests
  • Staff training
  • Retention policies
  • Data deletion policies
  • Data security measures
  • Lawful basis for data processing

In addition to all of the above, relevant personnel should be identified and all actions should be logged.

As the cornerstone of many communities, the local convenience store is often a hub of local activity – both positive and negative, and so owners deserve the right to protect their property, their staff and their customers. CCTV represents a very effective way of doing this  – and it whilst it may be daunting and time consuming for many owners to ‘get up to speed’ with the GDPR, the benefits will far outweigh the consequences if it is done properly.