The EU-wide General Data Protection Regulation (GDPR), designed to give consumers more rights over their own data and how it is used and stored by the businesses they interact with, is approaching fast. Yet Gartner believes that less than 50% of all organisations will be fully compliant with the legislation when it comes into effect on 25 May 2018.
With around 160 GDPR requirements – from how you collect, store and use personal information, to mandating a 72-hour notification for personal data breaches – it’s clear that retailers need to focus on its wide-ranging impact; technology, business policy, marketing and other functions will all be impacted. With fines for non-compliance of €20 million or up to 4% of annual global turnover (whichever is greater), alongside potential for extensive brand and reputational damage, the stakes are high.
However, by addressing data security, privacy, compliance and transparency, retailers can use GDPR as a focus for driving positive change, as customer-centric data views will make a business well positioned to deliver more innovative customer programmes. Getting a unified view of the customer allows for better 1:1 personalisation and can develop stronger brand loyalty.
When the regulation comes into force, consumers must clearly opt in to consent to their data being stored, and must also understand the purpose behind such requests. They can ask to have their data removed from retailers’ accounts, as well as asking to be removed from marketing lists. Firms have the burden to prove these activities are complete when such requests are issued. In addition, customers can challenge retailers’ automated profiling decisions about them, as well as asking for access to what data retailers have about them.
Breaking Ground with GDPR
Ensuring adherence to GDPR is no easy task. Retailers should create a taskforce across relevant departments, such as IT, marketing, customer experience, and regulatory, spearheaded by a senior executive leader. They not only need to identify what data is relevant and where it is held, but also drive change across business functions and day to day processes to ensure compliance.
Understanding the data: Customer data is captured and stored in multiple locations: at the PoS, within ERP, CRM and marketing systems, as well as in many legacy systems. Additional challenges come from new cloud-based business models, with data being dispersed across systems which are no longer simply on a server in a company’s office.
From these disparate systems, retailers will most likely have five or six data entries tied to the same customer. These all need to be found, cleaned, unravelled and turned into a unified view of the customer across all touchpoints – an essential step to meet many of the GDPR requirements.
Working processes: Having a very siloed view of the customer is further complicated with how data is shared and used in day to day business processes. For example, people extracting data for use on laptops increases the fragmentation of data, and common work flows such as sharing information in DropBox, or sending customer lists over email, will no longer be allowed. Security layers also need to be in place to track employees and their activities – from who has access to data, to when and how data extractions take place.
GDPR will also impact partner networks as suppliers must show GDPR compliance. Providers of customer store cards or retail credit cards for example, will be responsible for showing retailers how they handle their customer data, and retailers will have to demonstrate they are ensuring third-party compliance, further adding to the complexity across and outside organisations.
Retail business functions: The impact on marketing will be huge, with useable customer lists and data used in loyalty programmes potentially shrinking. The onus will also be on marketing to prove to customers the value of them providing their data. The focus on customer experience can only be further intensified and the use of predictive analytics to enhance these offerings will be ever more important.
The business benefits of GDPR
Yet there are also business opportunities to be gained by having a single consolidated view of data. A 360° profile of the customer provides a fantastic insight into their behaviour – how they shop, their preferences, their spending habits – as well as providing opportunities to strengthen customer loyalty and drive a better customer experience, with permission from the customer.
There is a great opportunity to work more closely with customers to highlight the benefits of holding and using their data. Consumers can find easier channels for communicating feedback and the groundwork for GDPR can also support advanced analytics programs to deliver personalised offers and promotions for customers, creating stronger ties with retailers.
Existing research suggests unprecedented support from retailers and specific consumer groups for personalisation. According to Deloitte, 1 in 5 consumers who expressed an interest in personalised products or services are willing to pay a 20% premium. In research carried out by Harris Interactive, 86% of US adults expect brands to offer multiple options and flexible timing for customer service interactions, to suit their personal requirements.
Recognising and adapting to changes in customer preferences, specifically on an emotional level, will be the basis for future retail success, with data and the use of technology key to delivering the best customer experience. The GDPR requirements can provide a useful foundation for this work.