Surprise! It's GDPR: Understanding the New Data Regulations

Sounds fun! What the heck is it?

You may have realized some kind of change was afoot when you, along with the rest of the world, found your inbox clogged with a flurry of "updated privacy policy" emails. As it turns out, people had been hearing inklings about GDPR regulation being launched in the EU for a while but, until the regulation was officially implemented in Europe on May 25th, 2018, it would seem to have taken many American companies by surprise. People were vaguely aware of  some pending changes to come, however few people seemed to have FULLY realized the implications this would have to businesses outside the EU, until the deadline went into effect.   

So what is it? The General Data Protection Regulation (GDPR) is designed to protect consumers' privacy and data collection rights, and replaces the 1995 EU Data Protection Directive. Although these regulations currently only apply to businesses that either market to, or process data of European citizens, it's likely that similar regulations will follow in the U.S. soon.

How does GDPR affect my business?

According to Weightmans, a UK Law Firm, there are 4 elements that retailers must consider regarding the new regulation. 
 

1. Privacy Notices- Consumers must agree to having their data processed and used by companies. 

2. Retailers must be able to show that they are compliant with GDPR and their records are up-to-date.

3. Retailers must have written agreements that lay these details out. 

4. Retailers must present consumers with their individual rights when it comes to data collection.

Staying in the Consumers' Circle of Trust 

 

As you can see, consumers are concerned about their personal data and how retailers today are handling it. With the General Data Protection Regulation in effect, consumers are getting the protection they want and deserve. 

 

How Will GDPR Impact the Global Retail Industry?

To gain some insight on how GDPR may affect the retail business sector, we did some digging and found a few articles that outline the impact of this new regulation:

The Grocer - UK: Why GDPR Could Spell Data Upheaval for Retailers

One of the biggest restrictions that GDPR puts on retailers is their access to customer profiling and personal data. With the new regulation, retailers will be required to make their customers aware that they are collecting information, and allow them the opportunity to oppose. The consumer's ability to deny retailers access to their data may cause retailers to lose a serious competitive advantage, since companies have come to rely on the ability to track shopping behavior and preferences. Despite this setback, the transparency that retailers must now provide will work to build trust with customers and hopefully create happier clientele. 

"Retailers need to prepare now for the day when GDPR places data firmly back in the hands of customers." - Duncan Brewer, Partner, Oliver Wyman 

Arden Group - UK: How Will GDPR Affect the Retail Sector?

Another aspect of retail that GDPR covers is data security and policies regarding data breeches. This includes ensuring that endpoint technology systems, such as kiosks and other sales-related POS devices, are protected from data breeches. Along with updating security procedures, GDPR also requires retailers to notify their regulator of a security breech within 72 hours. Depending on the level of the breech, some retailers may even be forced to tell their consumers about the breech as well. Think of it this way --- retailers are FINALLY being held accountable for the protection of their customers.

Forbes: Facebook's Scandal and GDPR are Creating New Opportunities for Retail

Forbes examines a more positive side of GDPR for retailers. Despite the extra policies and procedures that retailers must now follow, GDPR may allow retailers to create better relationships with customers and provide a more personalized experience. Since companies will be providing an increased level of transparency and up-front consent, giving consumers control over how they are marketed to and how their information is managed - as well as providing increased security around data handling and storage - retailers should see increased customer loyalty, increased sales, and a more committed customer base. 

"The focus on personal data protection has changed expectations for consumers. Many are weighing whether the convenience they enjoy by sharing their data outweighs the risk and reality of its misuse." - Greg Petro

Be a Good Data Shepherd

The General Data Protection Regulation has created more secure measures to protect consumers, as well as constructing a streamlined procedure for retailers to follow. Although this regulation may limit retailers' access to data, it will also protect them against data breeches that have become all too common in recent years. By taking steps to protect your customers, you are promoting loyalty and brand devotion.

With GDPR already being enforced, it is important to get aligned with this law and implement new privacy policies in accordance with regulations, and train employees on the new procedures put in place to protect your customers' data.

Your customers have a right to the reasonable expectation that if they choose to share their information with you in doing business, or even just browsing around, that you will be a good steward of their data and privacy.  

The bottom line (literally): If your customers are happy, then your business will prosper.

Want to learn more? Check out our podcast, The Stanish Inquisition, where our CEO talks with other leaders about all things retail.