In the previous post we discussed how a sound personal data governance will help retailers grasping the opportunities from the digital transformation.

Retailers are pushed to grow globally, also to set-off the limited growth of the mature markets. Within such wider perspective, governance should also address reputational risks with an holistic approach. Data governance should be tied with policies and procedures affecting specific business lines (including fraud, AML sanctions, financial integrity, ethical sourcing etc.), with adequate cross-business training programs. In addition to the traditional social media management policies, specific crisis management, incident response and investigations plans should be set out, so as to also mitigate class action risks.

In this new connected technology environment, retailers are also becoming “tech operators”. Partnerships with tech companies will have to be carefully devised, considering the role of all involved parties, including software developers, device manufacturers and connectivity providers. Policies should also consider cybersecurity and contracting strategies, addressing cloud contracts, loss of data and responsibility for back-ups.

When dealing with connected devices and technologies, the marketability standards will have to be assessed. In fact, devices must meet the essential requirements and safety characteristics set out by the EU harmonization legislation, including for among others the EU directives regulating radio frequency spectrum.

IPRs will have to be carefully managed, including the underlying software policies and architectures. It should also be assessed which type (or portion) of open source software is used so as to ensure that there are no issues for future usages and that the same software is supported by an adequate community of developers (also for cybersecurity purposes). Other intellectual property issues should be addressed, including, copyright and/or patents infringements. In this respect, formal copyright assignments, prior patent searches and warranties from contributing developers are useful risk management practices.