Wexford is home to a thriving business community, and garden centres in the Wexford Town area and beyond are no exception. But many don’t realise the extent of their GDPR obligations — particularly around running loyalty programmes that track detailed customer purchasing behaviour across departments without adequate privacy notices. This guide breaks down exactly what’s required under Irish and EU data protection law.
Join 2,000+ Irish businesses already protected
Absolutely. Under the GDPR and the Irish Data Protection Act 2018, all garden centres in Wexford that collect, store, or process personal data must be fully compliant. This covers everything from booking details and payment information to CCTV footage and staff records. The DPC can impose fines of up to €20 million for non-compliance, and Irish businesses of all sizes are subject to enforcement.
RISK ASSESSMENT
Running loyalty programmes that track detailed customer purchasing behaviour across departments without adequate privacy notices
Collecting customer data for landscaping consultations that includes home addresses and property details
Using CCTV across large retail premises, car parks, and café areas without consistent signage and policies
Gathering children's data through kids' workshops, Santa visits, or family events without parental consent
Sharing customer data with delivery partners, landscaping subcontractors, or event suppliers without agreements
DATA INVENTORY
FREE ASSESSMENT
See exactly where your Garden Centre in Wexford stands on GDPR compliance — no signup required.
REQUIRED DOCUMENTS
Every Garden Centre in Ireland needs these documents to demonstrate GDPR compliance.
STEP BY STEP
Display a privacy notice at the entrance, at the till, on your website, and at event registration points.
Ensure CCTV signage is displayed at every entrance to the premises, car park, and café, and that footage is retained for no more than 30 days.
If your loyalty programme tracks purchases across departments (garden, café, gifts), provide clear information at sign-up about what data is collected and how it is used.
When running children's events, collect only essential data (child's name and age, parent's contact), provide a privacy notice to parents, and delete the data after the event.
Put data processing agreements in place with your delivery service, any landscaping subcontractors, and e-commerce or loyalty programme platform providers.
Set retention periods for different data types: delete inactive loyalty accounts after 24 months, landscaping consultation records after 3 years, and event registrations within 3 months.
Train till staff and event coordinators on basic data protection, particularly around handling children's data and customer payment information.
COMMON PITFALLS
Collecting extensive customer purchase data through a loyalty programme without providing clear information about how it is used or giving customers control over their data.
Running children's workshops or Santa visits and collecting children's names and details without a specific privacy notice or parental consent process.
Operating CCTV across a large premises with dozens of cameras but only one small sign at the main entrance.
Keeping landscaping consultation records containing customers' home addresses and property details indefinitely.
FAQ
Everything you need to know about GDPR compliance for your business.
Contact usNEARBY COUNTIES
OTHER SERVICES
Every day your Garden Centre in Wexford operates without proper GDPR compliance is a risk. The DPC is increasing enforcement across Ireland — get ahead of it today.
Join 2,000+ Irish businesses. No credit card required.