On May 25, 2018, the new EU data privacy regulation, known as the General Data Protection Regulation (GDPR), comes into force. Shortly after that the sky falls in and the world ends. Well, it does if some of the press comment is to be believed. But what if, just if, it’s not that bad? For retailers, there are real benefits to be gained through GDPR compliance. So, I thought I’d write something positive about GDPR.
The GDPR is perhaps the most sweeping data privacy legislation to be enacted. Anyone with customers, employees or suppliers that are EU nationals will have to comply with GDPR, and if you don’t the penalties are severe. But, I don’t really want to go into minute detail of the regulation. If you want to know more about GPDR, we have created an excellent microsite that will give you all the information you need.
Although if you don’t know about GDPR, where have you been? About the only thing to receive more attention at the moment is Bitcoin. It is increasingly becoming an accepted currency for major retailers. Bitcoin still has some way to go before it’s mainstream but GDPR will make every retailer focus on their data immediately. Data can become the new currency of retail with the potential to create entirely new business models.
With less than four months to go, a Forrester report has found that the Retail sector is lagging behind every other industry sector in GDPR readiness. The analysts report that almost three quarter of retailers say they will not be ready. That’s a massive opportunity for those that are ready.
Let me explain why.
Perhaps the first GDPR blog to talk psychology, not penalties!
When it comes to personal information, modern consumers are suffering from cognitive dissonance. Retailers are offering consumers more and more personalized products and services, while, at the same time, consumers don’t want to give up their personal data. An infographic from Adweek shows that almost half of global consumers get frustrated when companies fail to deliver relevant personal experiences even though 60% of customers are not willing to provide the data to make it happen.
There are two revealing statistics in the infographic that, for me, provide the explanation for the dissonance. Almost three quarters of global customers believe that some of the companies they deal with simply can’t be trusted, while 58% say that companies can earn their trust by being more transparent about how they use their customer’s data.
One of the greatest fears about GDPR is that it will challenge retailer’s ability to deliver personalization. The industry has become used to capturing customer data and behaviors and doing what they want with this information. This is really what the legislation addresses, although it’s pretty clear that it’s not just the legislators who aren’t happy with the current situation. Customers don’t trust retailers to deal with their personal data properly. Viewed like this, GDPR becomes a legal requirement to do what customers expect — handle personal data securely and with consent.
So that’s the need, where’s the opportunity?
To a great extent, GDPR is a transferal of rights. At the moment, data ownership really lies with you, the company, where you have – with very light, even implied, consent – been able to use that data to do pretty much anything you want with it. For example, some apps share customer information they collect with Facebook who ‘shares’ it with US Government agencies. After May, EU nationals will have much greater rights about how their data is captured, used and shared. They will be able to ask to see exactly what data you have on them and how you’re using it. They’ll be able to demand that you remove all that data through the ‘right to be forgotten’.
In effect, your customers will have the right to edit, extract, transfer and delete any data you hold on them – anywhere within your business and, just as importantly, within your partner network such as suppliers, payment services, etc. Customers will have to give you unambiguous and granular consent for you to use their personal data – and they can change their mind at any time. You’ll need to notify them if a data breach occurs and any effects that this has on their data.
The simple truth is that every company that deals with EU residents – and that’s almost everyone – will need to get their data management house in order and find ways to give customers transparency and access to their personal data. It’s a challenge to get it right, but on the upside, you’ll achieve that key foundation of every customer relationship: trust.
Customers will trust you with their data because they have the right to ask you to prove that you’re using it properly. From there, everything falls into place because, as Adweek shows, customers want personalization. They want that excellent omni-channel experience. The one thing that’s really held this back has been that they were cautious about giving their personal data when they didn’t know how it was being used.
And, do you know, that was exactly the original purpose of the GDPR regulation. EU regulators realized that a solid data protection regime is vital to the development of the digital economy. I guess the question you’re asking is how this translates into new business models for Retail. There are numerous opportunities for retailers that are willing to think innovatively.
Retailers have long talked about becoming more data driven and want the ability to make that data work for the business to develop new products and services and increase business efficiencies. GDPR heralds a new data-driven generation. It’s now about using that data to build trust and cement the customer relationship.
GDPR is something that you can’t avoid but you shouldn’t want to. It will change the relationship with your customers for the better. But don’t underestimate the challenge of compliance. Retailers need to address all the personal data you have and understand how it’s being used and by whom. The type of Enterprise Information Management (EIM) platform that OpenText™ supplies facilitates the process to ensure that you have total control of all the data and content within your organization.
If you’re still in the early stages of your GDPR program, you need start by undertaking a thorough data discovery process to ensure that you know exactly what data you have. We’ve created our GDPR Discovery and Analysis Service to help you take this important first step.
GDPR is one of the hot topics at this year’s OpenText Innovation Tour taking place between now and April as well as at Enterprise World in July. It would be great if you could join us at one of these important events. If you have any GPDR queries you’d like answered now, please complete this short contact form or comment below.