How Does GDPR Affect Retailers?
Since the last Data Protection Directive was established over two decades ago, it’s clear that not enough focus has been placed on protecting personal data and respecting the rights of the data subjects themselves. With the growing power of the internet and its enormous effect on how data is used, there comes a need for new regulation. The General Data Protection Regulation (GDPR) is the latest legislative update that aims to rectify this, handing back the control of data to the individual. Now that the importance of data privacy has been made a top priority in this new regulation, there will be a significant impact on how retailers collect, process and store personal information about their customers and employees.
GDPR has been approved by the European Union (EU) to strengthen and unify all data protection practices across Europe. It applies to all companies processing the personal data of people residing in the EU, regardless of the company’s location. The ICO, the lead UK governing body, has the power to fine retailers 4% of their annual income or €20 million, whichever figure is higher, for noncompliance. Retailers could also see severe damage to their brand reputation, which may come from being publicly shamed for not taking care of customers’ data.
GDPR focuses heavily on consent. The new legislation states that consent must always be knowingly and willingly given; without permission, retailers should not be processing customer data. In addition, the act of gaining consent will have to be made even clearer so that people understand precisely what they are signing up for.
In order to work towards compliance, it’s important to be aware of the main changes that GDPR brings:
- Data Breach Notification
  - This will be a mandatory process for any unexpected data breaches that are likely to “result in a risk for the rights and freedoms of individuals”. A review of all security procedures should also be conducted to minimise risk and highlight any potential areas of weakness with existing retail technology.
- Right to Access
  - Customers will have better protection of their data and tighter restrictions on how retailers are able to use their data. Retailers will need to be prepared to provide complete transparency to their customers about how their personal data is being processed.
- Right to be Forgotten
  - All customers will now have the right to request that their data be completely erased from all communications, CRM systems or third-party systems.
- Data Portability
  - Customers can now demand to receive a copy of all their personal data and securely move it to another company without being charged.
- Privacy by Design
  - Retailers must carefully consider how to include data protection when internally designing systems. As part of data minimisation, all processes must be structured to only use data where absolutely necessary and ensure limited access is implemented to improve security.
For more information and official guidance visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Increasingly Data-Driven World
Retailers are handling enormous amounts of customer data. When retailers track purchasing habits and implement vast omnichannel strategies, they rely on using customer information from every interaction that takes place. This means that there’s a lot of work to do in order to prepare and maintain GDPR compliance.
A positive outcome of the GDPR is the chance to build stronger relationships with customers. Now that retailers are having to look even closer at how they handle data, there will be a greater chance of achieving smarter, more accurate communication with customers. Thinking strategically in accordance with the GDPR about how to earn trust and provide a better experience for customers means retailers stand to improve their brand reputation, creating a stronger platform for long-term loyalty.
At Reflexis we are committed to working with our customers to understand and prepare for the GDPR. You can access our updated privacy statement here: http://www.reflexisinc.com/privacy-policy/gdpr