Retail and the GDPR: The end of the customer data gravy train?
You might be wondering “Why does my organization need to be concerned about the GDPR? How am I going to be affected?” Maybe you’re thinking you’re not affected because “I’m not headquartered in the EU.” If you have a physical presence in the EU or offer goods and services to people in the EU, the GDPR is going to fundamentally transform how you manage customer data.
For those unfamiliar, the GDPR is the European Union’s (EU) new data protection law, replacing the Data Protection Directive (“Directive” for short) that came into effect in 1995. The Directive was designed to address the technology from 20 years ago – before big data analytics, API ecosystems, social media, wearables, cloud technology, etc. The GDPR sets a new standard for personal privacy rights, data protection and organizations’ accountability to protect personal data.
The GDPR will give your customers increased control over the data you gather, store and process that personally identifies them. In context, this means your customers will have the right to know when and why you’re processing personal data, and if you’re sharing that data with anyone else. Additionally, you’ll have to be able to provide a copy of their data, correct, delete and stop processing it if requested.
Additionally, the GDPR presents a number of unique considerations for retailers:
- Collecting customer information will be harder and more regulated. The GDPR will require explicit opt-in for all electronic and automated marketing – no more pre-ticked boxes, automatic opt-ins from order forms, etc.
- The GDPR applies to personal data across more than just your websites, POS systems, CRM databases, and customer service applications. Internal repositories and back of house technologies like CCTV footage, beacons and RFID technology will be included.
- GDPR doesn’t just affect the data you’re processing yourselves, but also the data you are sharing with partners, vendors and suppliers.
- The GDPR also introduces new obligations for data protection, increased accountability and mandatory breach reporting with fines for noncompliance
In an industry where data and particularly customer data is key to reach, promote, and drive continued customer loyalty, the GDPR’s strict requirements and obligations will require you to thoroughly analyze, update and replace affected processes and systems – or face fines of up to 4 percent of annual global revenue or €20 million.
Join me and special guest April Rettkowski, our resident regulatory compliance expert, on December 11th to dive deeper into the top GDPR challenges and considerations for retailers, explore how the regulation can be a competitive advantage, discuss how you can start preparing now, and learn what Microsoft compliance solutions are available to help you today.
