How has GDPR affected digital data management among food businesses?

As the countless email notifications flooding inboxes across the world would suggest, the introduction of the General Data Protection Regulation (GDPR) in May 2018 represented one of the most seismic shake-ups in the history of digital data management.

No matter their geographic location or field of industry, almost every business in the globalised world has been affected by GDPR, and the food and drink sector is no exception to this. In fact, as a market where digital innovations are starting to build momentum in a big way, it could be argued that food handlers and suppliers have been particularly keenly affected by GDPR, with optimistic digital-powered growth strategies having to be tempered by a sober look at the data protection responsibilities that these will now create.

That isn't to say that GDPR compliance needs to be seen as an onerous or impossible task; rather, it's simply necessary for food businesses in a post-GDPR world to properly account for the impact of the new legislation, and ensure that their staff and infrastructure are ready to adhere to the high standard of data stewardship expected by regulators and consumers alike.

The growing importance of digital data among food businesses

There may once have been a time when the food and drink sector would have been considered a relatively low-tech, but in 2018 that's no longer true, and current trends suggest that digital data will only become more central to modern business practices in the years to come.

In its trend analysis for the global food and drink industry, the leading market intelligence agency, Mintel, identified personalisation as one of the most important drivers of change for the sector in 2018, with the proliferation of online and mobile services reshaping consumer expectations of their interactions with providers of groceries and dining experiences.

Food and drink purchases are no longer seen as one-time transactions; instead, consumers are looking to foster long-term relationships with their favourite shops and establishments, allowing them to take advantage of perks such as loyalty and reward schemes, home delivery options, subscription models, automatic replenishment and tailored cross-promotions. Providing these kinds of services can be hugely lucrative for vendors, but doing so requires them to collate large amounts of data on user preferences and purchasing trends, which then need to be analysed intelligently to provide workable insights.

When also taking into consideration the ever-growing dominance of digital payment methods and the proliferation of food apps, and it becomes clear that a coherent digital data management strategy is now a necessity for food businesses, rather than a nicety.

What impact has GDPR had so far?

These trends have lent considerable additional weight to the introduction of GDPR on May 25th 2018, a development that already represented the biggest shake-up of data protection laws in several decades.

With GDPR going into force, consumers have been handed much greater control over the use of their own personal data, meaning businesses now require explicit informed consent to store and process their customers' private information, which can be accessed or rescinded at the consumer's discretion at any time. Companies are now under obligation to have defined plans of action in the case of a data breach, and must report such incidents as soon as they become aware of them.

While it remains too early to get a comprehensive insight into the impact of GDPR so far, it's been clear that the business community has taken note, with firms rushing to complete data audits and overhaul their policies prior to the May deadline. The reasoning for this is clear – non-compliance with GDPR puts companies at risk of a fine of €20 million, or four per cent of the organisation's turnover, as well as potentially irreversible reputational damage. In today's data-driven economy, being seen as an untrustworthy data steward is a risk that no business can afford to take.

What systemic changes will be needed going forward?

With May 25th having come and gone, GDPR is no longer a looming prospect on the horizon – it's the law, and it's here to stay for British food businesses, regardless of the terms of the UK's departure from the EU. This means that GDPR-related updates to digital data policies cannot be treated as a one-off change; instead, companies need to instil an ongoing cultural dedication to data management excellence at all levels of the organisation.

This means making sure that your technical infrastructure is consistently updated to ensure it remains secure and fit for purpose, even if the amount of information your organisation is processing increases exponentially as digital strategies take centre stage; it also means training all members of staff on data protection and cyber security standards, encouraging workers to progressively build on this expertise in line with best practice standards. After all, a chain is only as strong as its weakest link, and it only takes one misaddressed email or compromised download to land your entire company in seriously hot water.

By taking steps to enshrine GDPR-compliant data protection standards as a key pillar of your organisation's skill set, your food service company will be able to stay a step ahead of the regulators and the cyber criminals, allowing you to reap all the benefits of a modern data-rich business strategy while keeping the risks and dangers to a minimum.

Contact Virtual College today to discuss how we can help deliver your training program or assist with your learning and development strategy here. With over 20 years’ experience in the industry and over 3 million learners we are passionate about developing e-learning training content for personal and professional development that delivers real impact. We are not about the brand; we are about the project!