According to Corporate Compliance Insights, more than 50 percent of U.S. businesses are struggling to comply with the EU General Data Protection Regulation (GDPR). Far too many U.S. organizations treat the GDPR as a strictly European problem, even though any retailer that offers goods or services to, or monitors the behavior of, individuals in the EU is subject to the Regulation, regardless of where the retailer itself is located.
Referencing SecurityScorecard’s 2018 Retail Cybersecurity Report, Fouad Khalil, head of compliance at the organization, said, “This year, the retail industry’s security posture fell lower than in years past, both in application security and social engineering. To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. This report demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines.”
Issues retailers could face
Recently, SHEIN (formerly branded “SheIn”), an international online retailer, was hacked. Criminals stole personally identifiable information belonging to more than six million customers. The retailer set up an FAQ on its website to keep its customers informed.
Breaches like this one are a reminder that retailers must reduce their risk, and complying with the GDPR is a sound way to do so. Online shopping is borderless, so it is no surprise that shoppers expect their data to be protected wherever they happen to live.
Big Four accounting firm PwC’s “Total Retail 2017 report — Retail Disruption – what’s the outlook for the Middle East?” reports the following.
“Online safety continues to be a concern. 62% of consumers are worried about having their personal information hacked via their mobile device. Sixty percent shop online with companies they feel they can trust.”
IT Governance USA Webinar Series
To help North American organizations learn about compliance, IT Governance USA has launched a GDPR compliance webinar series.
The next webinar, “GDPR compliance and information security: reducing data breach risk,” is scheduled for October 23, 2018, 1:00 pm – 2:00 pm EST. Register here >>
The webinar will cover:
- An overview of the GDPR and how an ISO 27001-aligned ISMS can support compliance
- The benefits of implementing an ISMS
- The top risks that result in data breaches and key actions in the event of a data breach
- The technical and organizational requirements to achieve GDPR compliance
You can also register for “Practical advice on how to improve your overall information security in line with requirements?” scheduled for November 12, 2018, 1:00 pm – 2:00 pm EST.
This webinar will address the following:
- An overview of the current regulatory landscape and the GDPR’s scope
- The main responsibilities and obligations of controllers and processors
- Data breach and incident response management obligations
- The penalties and liabilities imposed on processors and controllers
- The limitations and restrictions on appointing joint controllers and subcontracting processors
Questions will be taken at the end of all webinars.