Networking in Surrey

GDPR and Franchising: The risk for Franchisors

A fundamental change under data protection laws, in this case, The GDPR – the new data protection regulation which came into force in May – will have particular relevance for anyone involved in a franchisor/franchisee relationship.

Why? Because of the way in which data is handled; a franchisee operates their own business and is, under the existing Data Protection Act 1998 (“DPA”), a controller (i.e. a person that determines the purpose for and manner in which data is processed); franchisors, by contrast, and despite their obvious vested interest in that data (under many franchise agreements, client data can only be used within the franchisor’s system, licensed to the franchisee under their franchise agreement) are not merely associated parties; in fact they also have a vested interest in the information that their franchise network collects and processes. Ultimately, customers or clients are entering into a relationship with the brand, meaning the franchisor. 

From a practical standpoint, a franchisor’s relationship with ‘its’ customer data has arguably been that of a data processor – with access to records of this information maintained and used by its franchisees and, in some cases, to provide facilities to capture prospects or those that might be interested in a franchisee’s products or services, through a central website or micro-site or page dedicated to a particular franchisee’s territory. A franchisor that does not undertake specific analysis on this data as a whole, is arguably no more than a data processor under the current DPA; but under GDPR, processors become subject to much enhanced obligations, not dissimilar to those applicable to their network of franchisees. 

Taking the relationship from another angle, to some degree the franchise network will rely on the franchisor to guide them in best-practice and compliance; after all, their purchase of a franchise would, to some extent, have been to avoid the need to devise, think about and implement much of the back-office function of the business – the expectation within a franchise, as a ‘business-in-a-box’, is to be able to open and focus on sales and growth, without much of burden applicable to a start-up or owner-operator.

Much has been made of the vast fines that could apply to a data breach; these should not be ignored but our own assessment, as with much of the true approach to The GDPR, is that proportionality will play its part.

If it were going to cost a small business with turnover of around £150,000 then spending £30,000 to achieve compliance is disproportionate as this represents 20% of their turnover and possibly a large proportion of the profit of the business.

However, what if you are a franchisor?

With a franchisor’s role in directing and guiding their network of franchisees, whilst they may not be directly responsible for the processing of that data now with their increased obligations under The GDPR, even if they are only a data processor, they have an obvious interest in the protection of their brand/reputation which could be seriously damaged following a data breach by a careless franchisee. Franchisors should be taking the lead and communicating not only with their own internal team but also across their franchise network to ensure that plans are in place and assessments are carried out to minimize the potential risks.

What we are seeing is franchisors handing out masses of information with some guidance and leaving it to the franchisee to create their own compliance policies and procedures. Very often, this doesn’t happen and when it does the work is not sufficient to demonstrate compliance. Surely, the franchisor wants the franchisee to be focussed on the business they are in, not spending months creating policies.

An updated privacy notice will also be required to that clients of the franchisee are made aware that their personal data may be shared with and possibly processed by the franchisor. This will relate to a clause in the operations manual and a procedure and policy should be put in place to ensure best practice.

----------------------------------------------------------------------------------

How we help Franchise Businesses:

As GDPR consultants we are supporting franchisors and franchisees with:
1) Delivering implementation of GDPR, including data minimisation and analysis, not just guidance;
2) Advice and updates to operations manuals, technical notes and training around secure and effective data management;
3) Updated privacy notices and communications, including on websites and social media;
4) Handling data requests and breach notification plans – a data breach now has to be notified within 72 hours; and
Ensuring marketing is conducted legally, including under PECR Regulations.

We also offer Data Protection Officer as a Service; taking away all the worry of GDPR Compliance

Views: 79

Add a Comment

You need to be a member of Networking in Surrey to add comments!

Join Networking in Surrey

Member Sponsors (Links)

These NiS MEMBERS help us keep NiS free for you! Click the ads for info and offers...

Meet  Elizabeth Turner on NiSGold BNI (SME Awards Networking Group of the Year Winner!) is the only BNI networking group in Surrey that meet every week online, with an optional social face to face every month - please click the ad to visit us for free!

GRAB A FREEBIE.(or two!)Click the ad to check out our Network4Free page for dozens of terrific freebies, many of them transcending the Surrey borders.

Meet Tara Jayne Maynard
Come as a Visitor to sample our BNI Woking and Pyrford in-person meetings and discover how very rewarding networking can be for you… please click on the ad and apply to join us as a Visitor to these vibrant, fast-growing groups!

Meet John Gower on NiS...Local Networking Works! Start boosting your business TODAY... Please click the ad for details ADVERTISE HERE! Become a Sponsor and promote your business by taking an ad  - seen by over 2,400 Members, 1,500 unique visitors  with 6,000+ pageviews every month...

"Thanks for getting Google on my side! It's  so nice when you can see a return on your investment."
Emma Selby Farnham Hub

Sean Usher Interviews Keith Grover Part 1

WATCH A VIDEO of Keith telling Sean Usher all about NiS

© 2024   Created by Keith Grover, NiS Founder.   Powered by

Badges  |  Report an Issue  |  Terms of Service