Images: Katrin Fail | Wiktoria Matynia/Shutterstock, Titima Ongkantong/Shutterstock

How the EU’s General Data Protection Regulation affects the European shopping center industry.

How the EU’s General Data Protection Regulation affects the European shopping center industry.

The press department of SES Spar European Shopping Centers in Salzburg commented: “We comply of course with the EU’s General Data Protection Regulation here at SES and will implement it in all units of our group. We have already been handling data very carefully so far. Our employees were trained to act accordingly.” Bettina Schragl, the Head of Communications and Investor Relations at Immofinanz in Vienna says: “As for all other Austrian companies, the Data Protection Regulation affects our business as well, therefore we have to adapt all relevant agreements.”

The otherwise quite talkative shopping center industry, however, remains relatively silent when it comes to communication regarding the sensitive issue of the European General Data Protection Regulation (GDPR). Contrary to SES and Immofinanz, most of the vast number of players ACROSS contacted did not comment on this issue. Even though this regulation will soon come into force – on May 25, 2018 to be exact.

Its goal is quite ambitious: It harmonizes data privacy laws across Europe. But what does that mean from a legal perspective? Companies will be more accountable for their handling of people’s personal data and it will change how they handle information about their customers, their employees and their suppliers. Whilst the GDPR pertains to all companies, shopping center operators may face more challenges than many other businesses (see Commentary by lawyer Birgit Harasser).

A gigantic headache

Due to these challenges, various national shopping center councils organized information events. For example, the Hungarian council had its event on February 21 and the British Revo on February 27. The latter had the pointed motto “GDPR: A Gigantic Headache for Retail and Property.” Apparently, this is where this stream of communication is headed.

Manuela Calhau, Director Innovation and Market Intelligence at Sonae Sierra.
Manuela Calhau, Director Innovation and Market Intelligence at Sonae Sierra. Image: Sonae Sierra

Of the big players, it was Manuela Calhau, Director Innovation and Market Intelligence at Sonae Sierra in Portugal, who informed ACROSS about the adaptions that have to be undertaken in center management: “There are several adaptions needed. From an operational perspective, one has to review all contracts involving personal data, from human resources to suppliers, tenants, and mall operators, as well as one’s own property management contracts.

Furthermore, one has to adapt the contracts and/or terms & conditions used in marketing activities, corporate systems and web-based applications and apps.” But that is not all.

According to Calhau it is of vital importance to redefine accesses and password policies, including staff PCs and mobile equipment. Checking and eventually adapting specific systems such as video surveillance and car park management systems, and procedures will be necessary as well.

Sonae Sierra has a specific team working in the GDPR for several months, addressing all these issues. The Sierra GDPR project is followed every two weeks by the executive board of the company and the work is progressing according to plan.

Significant documentation effort

ECE in Hamburg also launched an internal project regarding GDPR. Its goal is to analyze exactly what still needs to be adapted within the company. During the following step these new requirements are implemented as processes.

Ultimately, the need for documentation will increase, because: “We have no centralized customer data management like online retailers. Therefore, we have to do it individually in each center. There will be legal uncertainties in the beginning because no jurisdiction or experience exists yet,” says ECE’s press office. Besides the need for documentation, the obligation to provide customers with detailed information weighs heavy on center managements.

Woman Stylish At Internet Network Binary“Customers need to be informed about the reason why their data is collected, how long their data will be stored and which regulatory authority is responsible for it. The use of customer data needs to be documented in great detail as well. In the future, customers will have the right to be informed about the use of their data and have their data deleted at any time. Furthermore, it may be necessary to adapt agreements with service providers. When in doubt, regulatory authorities can ask for documentation and proof regarding these matters.”

However, the GDPR has virtually no impact on leasing contracts. After all, tenants act autonomously and have their own people who implement data regulations for their respective companies.

It will be interesting to see what the regulation will actually mean for the industry, after it comes into force on May 25, 2018. Penalties for violations are quite draconian, with up to four percent of a company’s worldwide annual turnover. Its execution will be handled differently in each EU-country.

In Great Britain, where Brexit takes full effect in March 2019, it will be handled more restrictively than, for example, in Austria. Here – in its capital Vienna – organizations for consumer protection are already preparing themselves. They launch online platforms for consumers to make it as easy as possible for them to file a complaint when their data is misused…


Follow @across_magazine on Twitter and @across.magazine.europe on Facebook, sign up for our ACROSS newsletter and subscribe to ACROSS Magazine.


Sign up for our ACROSS Newsletter. Subscribe to ACROSS Magazine.

Opinion MORE

Retail Must Match Net Zero Ambitions with Actions

“The retail sector needs to act now to show it is committed to a ‘green recovery’ from the pandemic and to demonstrate to customers, supply chains, investors, and other stakeholders that sustainability plays a core role in its business strategy.”

Shopping Centers as Fulfilment Locations

“In the most extreme examples, the projects include conversions of mall properties to become partial warehouses for e-commerce fulfilment.”

The Party Will Surely Resume – But Will You Be Ready to Dance?

Bigger leaps are being taken to lift us out of this pandemic. We still have a long way to go, the path ahead will be rocky, and the load we must carry is heavy. However, not everyone should expect the party to begin once we make our way out of the darkness. The beat of the drum and the rhythm of the song have changed.

Virtual Meetings Do Not Work in the Real Estate Industry

“Without the physical aspect of real estate, you cannot obtain the same engagement, fulfilment, or experience: It is simply not as effective.”

Most Problems are of a Company’s Own Making

Retail has changed. Do you really understand how things currently work or how they will work in the future? Are you still waiting for everything to go back to “the way it used to be”?

Green sports in real estate

The real estate business is not a sport but there are many similarities. Fair play, progress through training, new methodologies, competition, success (and failure), injuries and recovery, awards, fame etc.