At the MSPA we are always looking to update our knowledge and information on this important subject. To keep us up to date we have completely reviewed and revised our GDPR FAQs one year on from this important legislation.
Mystery Shopping Employees of Third Party Dealers or Franchisees
More specifically, we have recently adjusted our documents relating to the Mystery Shopping of third party dealers or franchisees and the capture of franchisee employee data as part of Mystery Shopping. Previously our interpretation was that it was not advisable to capture employee personal data in these circumstances, but we have recently come across an interpretation that allows for this under the term “Mutual Legitimate Interest”. In such a case, provided that an agreement is in place between the client (first data controller) and franchisee (second data controller) to do so as part of maintaining franchise standards, then Legitimate Business Interest to capture, store and process employee data is acceptable. Please see section 2.1 Summary in our GDPR FAQs in the secure members area.
It should be remembered that all of the rights of the data subject still apply in these circumstances.
Mystery Shopping Competitors
In addition, we have added references to competitor Mystery Shopping and the EU directive on Trade Secrets. The directive relating to Trade Secrets should have been in place in all EU countries by June 2018. This reinforces the need to conduct Mystery Shopping on an anonymous basis, and not to capture any data that is not already in the public domain. Local country regulations may be more stringent than these and should be checked by members locally. These details are also included in section 2.1 Summary in our GDPR FAQs in the secure members area.
As ever, these are MSPA interpretations designed to assist our members. They are not legally binding on the MSPA, but are a suggestion for members to explore in these circumstances.