We recognise the importance of our customers’ privacy and data. We are therefore putting policies and processes in place to make sure our customers’ interests are protected.

0 substantiated complaints concerning breaches of customer privacy and losses of customer data

0 data security breaches

Key Stories

Moving in line with emerging regulation

Respecting our customers’ privacy and the confidentiality of their data is an increasingly important issue as we move towards greater use of digital tools and increased e-commerce.

Following the introduction of the General Data Protection Regulation (GDPR), we have carried out training, including an assessment of its potential legal implications.

Our group IT department has recently conducted a GDPR assessment for all e-Commerce websites to identify any gaps pertaining to customer data privacy and policy consent. Brands are liaising with Group IT and Legal to improve the visibility of data privacy and cookie policies on the e-Commerce sites and set timelines to achieve full compliance with GDPR.

In order to bring awareness and education to group employees, we delivered an Edge Talk on GDPR in 2018.

To ensure that our employee and customer data is processed by consultants and service providers in a GDPR-compliant manner, our legal department has implemented a standard GDPR-compliant data protection clause for the processing of data by service providers, as well as a Data Processing Agreement.

To ensure that e-commerce platforms are handling customer data in a compliant manner, we have also prepared updated GDPR-compliant privacy policies for customers.

Enhancing our IT systems

In 2018, we began to address data security head on. We are currently developing a data security policy and enhancing our IT system security architecture.

GDPR-compliant procedures and data protection policies have been implemented which detail official procedures for handling the data of both employees and customers. These cover the rights of individuals whose data we are storing, our policy for how we store data, our policy indicating the steps to take upon a data breach, and an internal privacy policy on how group employee data is handled by the Group.

Work in this area has been a collaborative effort between Group Legal and the IT department to put in place the necessary data management policies and to ensure we are aligned on how to handle data in all circumstances. Our next steps will involve educating employees on these points and putting these policies into practice, as required for GDPR compliance.

We are a Microsoft partner and have signed agreements to use the technologies offered under the Microsoft Enterprise Mobility and Security Suite. This partnership will enable us to enhance our security infrastructure, implement controls to protect customer data from internal and external security threats, and flag any risks through proactive security monitoring.

We are working in several other areas to improve our security architecture, including the enhancement of network security and advanced threat protection for e-mail systems and endpoint devices.

We have developed a Security Architecture and Risk Framework which is integrated with our project management framework. This will enable us to follow secure-by-design principles by including security activities throughout the development lifecycle.

We are also working to enhance user awareness of information security and data privacy. We have included security training as part of new joiners’ induction and are developing a plan for awareness-raising among users.