Struggling to meet your data protection obligations when it comes to retail crime data? Auror’s General Counsel and Data Protection Officer, Frith Tweedie, explains how the Auror platform can help make compliance a breeze.
Q: How does GDPR affect retail crime data?
A: Both the General Data Protection Regulation - better known as “GDPR” - and the UK’s post-Brexit version place strict rules around how retail Asset Protection/Loss Prevention teams can collect, use and store personal data. And yes, GDPR applies to retail crime data as well as the more obvious loyalty and customer data. But services like Auror’s retail crime intelligence platform can help make data protection compliance one less headache for UK retailers.
Q: How can Auror help me comply with GDPR?
A: The Auror platform takes the pain out of your UK GDPR compliance efforts by providing a safe and secure way for you to collate, store and use information about retail crime. The platform also enables your users to access that data in a controlled way and limit sharing to trusted third parties.
This is in stark contrast to many existing practices used by retailers - like offender “walls of shame” or the sending of personal data via email and messaging apps - that create real risks of data breaches and large fines for UK GDPR non-compliance.
The Auror platform enables retailers to move away from inefficient manual processes and unsafe sharing arrangements to a central secure platform with carefully designed controls around how and when information is shared.
Q: Am I still in control of my data with Auror?
A: Definitely. As a data controller, you will always be in control of the data you upload to the platform. Auror is a data processor, which means we only store and process personal data on your behalf and always according to your instructions.
Q: Will my data be secure?
A: As a data processor, we take great care to implement technical and organisational security measures to protect the data we hold on behalf of our customers. Our platform is hosted by Microsoft Azure and UK retailer data will be held in a secure UK data centre at all times. The platform is securely encrypted and we also encrypt all information in transit to and from Auror.
Q: What about subject access requests - are they any easier with Auror?
A: The Auror platform takes the pain out of responding to subject access requests because all your retail crime data is held in one place - not spread across multiple systems. This makes it much easier for you to satisfy your customers’ personal data rights, including their rights of access, erasure and portability. What’s more, Auror helps users “connect the dots” on offending.
But that’s not all…
Here are some of the other ways Auror helps retailers protect their information and meet their data protection obligations.
- Data minimisation: The Auror event reporting form is designed to ensure that users only upload personal data that is relevant, accurate and up to date.
- Data retention: We’ve configured the platform to make sure you don’t increase your data protection risks by holding on to personal data forever.
- Robust controls: Safeguards built into the Auror platform control the way information can be accessed and handled by users. All users must agree to our Terms of Use, which detail how they can use the platform and the information on it.
- Data ethics: We don’t just focus on compliance minimums. We take a broader view of data ethics, including by ensuring the platform does not facilitate racial profiling, the selling of personal data to third parties or automated decision-making about people.
At Auror, data protection and security are foundational to our business - just like they are to yours. That’s why we have embedded Data Protection by Design principles into our world-class platform, meaning we can help you navigate your data protection obligations with ease and build community trust at the same time.
Learn more about Auror UK here.