There are many hidden dangers for retailers in the European Union’s General Data Protection Regulation (GDPR).
There seems to be a feeling that GDPR can wait until next year, that it does not impact anyone outside the EU, and that it does not really affect retailers.
These are all myths; here is why:
- Myth 1 – It is something for 2018
- WRONG – The regulation comes into effect in May 2018 and the consequences of not complying are severe, with fines as high as €20m or 4% of global revenue.
- Myth 2 – It doesn’t impact companies outside the EU
- WRONG – It impacts all companies processing data associated with EU citizens. Given the complexity of modern business, this means it is global.
- Myth 3 – It doesn’t really impact retailers
- WRONG – It does because retailers collect and collate customer data for all sorts of reasons.
It’s About Loyalty
Retailers have spent years attempting to understand their customers through loyalty schemes, whereby customers use a loyalty card in return for points or discounts. Meanwhile, the retailer collects data and uses it to improve its service and its relevance to customers.
Tesco Clubcard was the pioneer here in 1995 powered by the analytical genius of Dunnhumby. There are stories about the ‘creepiness’ of such schemes in that they potentially know too much; the famous example is where Target knew a teenaged girl was pregnant before her father did!
Few retailers these days do not have a loyalty scheme of some kind. GDPR will impact every one of them.
Loyalty is Only the Start
While data associated with loyalty may be the first thing that comes to mind in relation to GDPR, it is not the only risk area. Whether or not retailers have a loyalty scheme, there are still a number of risk areas that need to be considered. Even putting aside the risks associated with Human Resources data, there are several other key areas to consider.
- Warranty registrations: When purchasing electronics or other home goods, customer information is often taken for warranty registration purposes. GDPR will cover both historic and future customer warranty registrations associated with EU citizens.
- Home deliveries: Every type of retailer offers the option of delivering to the customer’s home. Groceries, clothing and electronics can all be delivered to EU citizens, so all of these retail types are impacted by GDPR.
- Mailing lists: EU customers can opt to go on retailers’ mailing lists. Again, retailers often ask for address details in-store for customers to receive information by mail.
- Repairs: Many high-end brand owners take care of their own repairs. Products as diverse as electronics, luggage and shoes often have the retailers acting as a conduit for product repair and refurbishment.
The reality is that retailers are impacted wherever and however they operate. Operating a ‘business to consumer’ as opposed to a ‘business to business’ model means the risks are naturally higher, not only in terms of the amount of data but also the number of risk areas.
By offering things like home delivery, loyalty-driven customer focus, excellent warranties or fast repairs, retailers handle customer data and are therefore at risk. The hidden dangers are there, and retailers need to ensure that they adhere to GDPR. But they need to do it without adversely impacting their efforts to create a differentiated customer experience.
For an impartial view on GDPR, Gartner have written a paper to help start your thinking process. You can download it subscription-free from here.