A mix between on-line and off-line worlds, “Digital Store” concepts can now be seen in many sectors (cosmetics and well-being, of course, but also the hotel industry, food stuff, ready to wear…). The perfume and cosmetic sector are at the forefront. Equipped with innovative features such as connected shop windows, interactive POS or sales aid tablets, these new stores present offers to consumers, which perfectly match their profile and enable to learn more about their tastes and habits. Robots are even starting to appear here and there.
At MakeUp in Paris, you will be at the heart of the issues raised by this new “digital mania”. These new technologies that feed in particular on big data do indeed open up broad opportunities for brand retailers, but they also generate new legal risks. Because it seems essential nowadays to fully understand and master these legal risks, at a time when the European Parliament has recently adopted a new regulation to stimulate and regulate the digital single market, which will take effect in a few weeks, by significantly toughening penalties.
Personal data, a new regulation! Indeed at its plenary session in Strasbourg on 14 April, 2016, the European Parliament voted the final adoption of the new Regulation on the protection of personal data. This much awaited (4 years!) historic text sets the new legal framework, to which all companies, across all sectors, will have to comply by 2018, with penalties in case of infringement of up to 4% of their turnover. This reform provides an opportunity for all companies to accelerate or perfect their digital transformation, by adapting their organization and the use they make of data collected, to secure and enhance their “Data asset” in light of this new regulation. Among the new key features: – the obligation to implement a real data governance (keeping of an internal record, appointment of a Data Protection Officer (DPO), setting up of auditing measures, of impact studies…); – the establishment of a new responsibility matrix between the different stakeholders involved in the data processing (subcontractors, joint managers…); – a strengthening of the rights of individuals (portability, strict purpose limitation principle, prior information…); – the requirement for some DPOs located outside the EU to appoint a responsible entity located within the EU.