Personalization’s Double-Edged Sword: GDPR has Far-Reaching Effects on Retail

by Jenna Sindle

If you have an email account, you know that GDPR is upon us – pretty much every company out there is making adjustments to their privacy policies and terms of service to account for the data regulation coming from the EU. But what does this mean for the retailers of the world, especially ones based outside the EU?

This week, we’ve captured a few different helpful articles that shed some light on GDPR’s effect on retail and what retailers need to be privy to as this regulation goes into effect.

Retailers, Consent and the GDPR: Is Your Business in Breach?  

McGuireWoods LLP’s Alice O’Donovan explained much of the legal repercussions and results of GDPR in her recent article on Lexology. She urged retailers to pay close attention to their marketing tactics, as that is how most customer data is gathered.

“Retailers should pay particular attention to how they obtain customers’ consent to marketing,” explained O’Donovan. “The GDPR requires a high standard for consent to use personal data, and violation of the consent is a serious infringement.”

She also covered common practices that might be overlooked because they have become so commonplace in the retail space including:

  • Data gathering at the cash register
  • The use of customer data when shopping online
  • The ability for the customer to withdraw consent
  • Compiling of targeted data lists

Read the whole story here.

3 Steps Asian Companies Can Take to Accelerate GDPR Compliance

Like we said earlier, GDPR is not something that only EU-based companies have to worry about. Any company that captures data from any EU citizen anywhere must comply with this regulation. As one of the major retail hubs of the world, Asia has a lot to consider when it comes to GDPR compliance. In fact, according to Fortinet, retail is among the top 3 industries impacted by GDPR.

“Retail businesses most likely to curate GDPR-relevant PII data include cross-border e-commerce operations, multi-venue retail chains, hospitality, travel, and F&B businesses,” stated Networks Asia. “Brick-and-mortar businesses serving EU customers can also find themselves liable to GDPR PII protections. Paying with a credit or debit card, providing shipping address information and participating in a customer loyalty program all fall under the protection of GDPR.”

Networks Asia shared three steps for Asian companies to take to quickly become GDPR compliant including:

  • Engage a third-party firm to help assess the situation at your company
  • Conduct a comprehensive data audit
  • Analyze how long data breach detection takes and then assess what is required to meet GDPR requirements

Read the whole story here.

More than Half of Retailers Not Ready for GDPR

Less than a month out from GDPR going into effect, Hugh Williams at RetailTechNews shared data from Ecrebo stating that 57 percent of retailers were not prepared for GDPR. The culprit: personalization efforts from retailers.

Pretty much any retailer knows that some element of personalization is crucial today to effectively gain new customers and retain existing ones. But that data used in personalization could present a massive hurdle for retailers not prepared to comply.

“89% of retailers say they use data to personalize the customer experience – the pressure is on to comply,” reported Williams.

Read the whole story here.

To stay updated on the latest trends and best practices in retail technology, subscribe to our newsletter and follow us on Twitter.