Networking in Surrey

GDPR and Franchising: The risk for Franchisors

A fundamental change under data protection laws, in this case, The GDPR – the new data protection regulation which came into force in May – will have particular relevance for anyone involved in a franchisor/franchisee relationship.

Why? Because of the way in which data is handled; a franchisee operates their own business and is, under the existing Data Protection Act 1998 (“DPA”), a controller (i.e. a person that determines the purpose for and manner in which data is processed); franchisors, by contrast, and despite their obvious vested interest in that data (under many franchise agreements, client data can only be used within the franchisor’s system, licensed to the franchisee under their franchise agreement) are not merely associated parties; in fact they also have a vested interest in the information that their franchise network collects and processes. Ultimately, customers or clients are entering into a relationship with the brand, meaning the franchisor. 

From a practical standpoint, a franchisor’s relationship with ‘its’ customer data has arguably been that of a data processor – with access to records of this information maintained and used by its franchisees and, in some cases, to provide facilities to capture prospects or those that might be interested in a franchisee’s products or services, through a central website or micro-site or page dedicated to a particular franchisee’s territory. A franchisor that does not undertake specific analysis on this data as a whole, is arguably no more than a data processor under the current DPA; but under GDPR, processors become subject to much enhanced obligations, not dissimilar to those applicable to their network of franchisees. 

Taking the relationship from another angle, to some degree the franchise network will rely on the franchisor to guide them in best-practice and compliance; after all, their purchase of a franchise would, to some extent, have been to avoid the need to devise, think about and implement much of the back-office function of the business – the expectation within a franchise, as a ‘business-in-a-box’, is to be able to open and focus on sales and growth, without much of burden applicable to a start-up or owner-operator.

Much has been made of the vast fines that could apply to a data breach; these should not be ignored but our own assessment, as with much of the true approach to The GDPR, is that proportionality will play its part.

If it were going to cost a small business with turnover of around £150,000 then spending £30,000 to achieve compliance is disproportionate as this represents 20% of their turnover and possibly a large proportion of the profit of the business.

However, what if you are a franchisor?

With a franchisor’s role in directing and guiding their network of franchisees, whilst they may not be directly responsible for the processing of that data now with their increased obligations under The GDPR, even if they are only a data processor, they have an obvious interest in the protection of their brand/reputation which could be seriously damaged following a data breach by a careless franchisee. Franchisors should be taking the lead and communicating not only with their own internal team but also across their franchise network to ensure that plans are in place and assessments are carried out to minimize the potential risks.

What we are seeing is franchisors handing out masses of information with some guidance and leaving it to the franchisee to create their own compliance policies and procedures. Very often, this doesn’t happen and when it does the work is not sufficient to demonstrate compliance. Surely, the franchisor wants the franchisee to be focussed on the business they are in, not spending months creating policies.

An updated privacy notice will also be required to that clients of the franchisee are made aware that their personal data may be shared with and possibly processed by the franchisor. This will relate to a clause in the operations manual and a procedure and policy should be put in place to ensure best practice.

----------------------------------------------------------------------------------

How we help Franchise Businesses:

As GDPR consultants we are supporting franchisors and franchisees with:
1) Delivering implementation of GDPR, including data minimisation and analysis, not just guidance;
2) Advice and updates to operations manuals, technical notes and training around secure and effective data management;
3) Updated privacy notices and communications, including on websites and social media;
4) Handling data requests and breach notification plans – a data breach now has to be notified within 72 hours; and
Ensuring marketing is conducted legally, including under PECR Regulations.

We also offer Data Protection Officer as a Service; taking away all the worry of GDPR Compliance

Views: 23

Add a Comment

You need to be a member of Networking in Surrey to add comments!

Join Networking in Surrey

This Month's Sponsors (Links)

These NiS MEMBERS help us keep NiS free for you! Click the ads for info and offers...

Meet David Reavely on NiS...

With a diploma in nutritional medicine, PE teacher turned Food Detective’ Dave Reavely detects food intolerances and identifies how your diet and lifestyle affect your health, weight and fitness - and what to do about it! Click for details

Meet John Gower on NiS...

Local Networking Works! Start boosting your business TODAY... Please click the ad for details

Meet Paul Bridgland  on NiS...

Hampshire's biggest Expo for 2019 organised by Connect Surrey and Eagle Radio - STANDS AVAILABLE for booking now, click this ad for details or call Paul on 07799 888388 today!

Meet Keith Grover on NiS..

Power Up My Profile (PUMP)! Get your LinkedIn Profile up to All-Star status and optimised to bring you new connections and more business - book in now! Morning or afternoon options, Earlybird book by 31 Oct to save...

Networking is the most cost-effective and powerful way to grow your business! Discover how to make it work better for you at this informal and fun workshop...

Read our free daily GLOBAL NETWORKING NEWS & TIPS...

MyTeam Network takes all your networking to the next level by addressing the space between meetings - it's 'joined-up networking for grown-up people'!

Become a Sponsor and promote your business by taking an ad  - seen by over 2,000 Members, 1,500 unique visitors  with 6,000+ pageviews every month...

"Thanks for getting Google on my side! It's  so nice when you can see a return on your investment."
Emma Selby Farnham Hub

Sean Usher Interviews Keith Grover Part 1 &2...

WATCH A VIDEO of Keith telling Sean Usher all about NiS

© 2018   Created by Admin.   Powered by

Badges  |  Report an Issue  |  Terms of Service