Blog Home

Navigating Compliance and Security in Retail REITs: A Strategic Imperative

Otso Team
April 3, 2024
5 minute read

For C-suite executives of retail Real Estate Investment Trusts (REITs) operating within the dynamic landscape of the United States, the stakes for maintaining rigorous compliance and security protocols have never been more critical. Amidst an environment where data breaches can lead to significant financial penalties and erode stakeholder trust, understanding the intricacies of regulations like the GDPR in Europe, the California Consumer Privacy Act, and the Maryland Personal Information Protection Act is paramount. These laws underscore a global movement towards stringent data privacy, with implications that resonate deeply within the U.S. retail sector​​.

The High Cost of Non-Compliance

Recent fines totaling £280 million for data breaches illustrate the severe financial risks associated with non-compliance. For retail REITs, which often manage extensive personal data related to shopping behaviors, tenant operations, and employee records, the threat is not just monetary. Data breaches can fundamentally damage the relationship with consumers, tenants, and investors, potentially undermining the very foundation of trust that retail REITs rely upon​​.

Expanding Liability and the Role of Directors and Officers

The responsibility for ensuring data protection compliance extends beyond the organization to its directors and officers (D&Os). The GDPR and similar U.S. state laws introduce specific roles with direct implications for D&Os' liability, emphasizing the need for a proactive approach to data management and breach prevention​​. The evolving regulatory landscape necessitates not only adherence to legal requirements but also a comprehensive understanding of the potential personal liability for D&Os in the event of a data privacy breach.

Embracing Innovative Solutions: The Role of

In response to these challenges, retail REITs must look towards innovative solutions that can offer both compliance and security. emerges as a beacon in this regard, providing tools that enable REITs to manage tenant risks effectively, ensure compliance, and secure financial operations against the backdrop of stringent data protection laws. By leveraging services like, retail REITs can enhance their risk management processes, fortify their data protection strategies, and navigate the complex regulatory environment with greater confidence.

Insurance and Risk Mitigation Strategies

Understanding and adjusting D&O insurance policies to encompass privacy-related losses is a critical step in safeguarding against potential claims. For retail REIT executives, it's essential to ensure that insurance policies are comprehensive enough to cover the broad spectrum of data privacy risks, including those pertaining to customer and tenant data​​.

Conclusion: A Proactive Stance for Future Success

The importance of compliance and security for retail REITs cannot be understated in today's digital age. As regulations continue to evolve and the risks of data breaches grow, C-suite executives must prioritize these areas within their strategic planning. By adopting a forward-looking approach that includes leveraging innovative solutions like, retail REITs can not only meet current compliance requirements but also prepare for future challenges. This proactive stance will be key to sustaining growth, maintaining stakeholder trust, and ensuring long-term success in the competitive retail real estate market.

Discover the Otso Advantage

Unlock the power of AI-driven underwriting for faster, smarter leasing decisions.


Please feel free to reach out to us with any questions.


We're here to assist you in any way we can.

+1 (832)-827-3678

Schedule a Demo

Meet with us today for a personalized consultation.

Schedule a Call