Retail and GDPR: Get ready, and get ahead
It is just a few months until the European Union’s General Data Protection Regulation (GDPR) kicks in. From May, every organization that operates in the EU or holds data on EU citizens will have to comply with strict new rules that govern how they use personal data. U.S. retailers are therefore not immune.
Any retailer that is unprepared risks a rude awakening: if it breaches GDPR, the financial penalty is up to 4% of its global annual turnover. The damage to its reputation could be even more costly.
But there’s another risk, too. Retailers recognize that data is the key to growth, giving them invaluable customer insight and unprecedented forecasting abilities. Which means that, if retailers drag their heels on GDPR, there is a limit to what they can do with data – and that will undermine their competitiveness and even threaten their existence.
With the GDPR deadline looming, readiness is a matter of urgency. Worryingly, however, we hear of some that are far from prepared. We advise them to prioritize the following steps:
1. Instill a culture of integrity
Any retailer that does not put transparency at the heart of its data practices will struggle to comply with both the letter and the spirit of GDPR. Those that are most prepared are actively building openness into their cultures. No retailer can expect each member of staff to grasp every intricacy of its data policies and processes, but employees of those with a culture of integrity will be more likely to do the right thing instinctively.
Working out how to create this kind of culture is a key challenge. First of all, we see leading retailers asking themselves whether every employee thinks about what is right as they handle data.
2. Take, and assign, ownership
For many retailers, it can be difficult to apportion responsibility for GDPR compliance. And if they don’t, it could fall through the cracks.
So who should take responsibility? The legal department understands the letter of the law, of course, but it might struggle to see the full picture of how the organization is using data. The marketing team runs the data strategy, but does not have the legal or technical expertise to ensure compliance. Meanwhile, how does technology bring these functions together?
The most prepared retailers recognize that GDPR, rather than being the responsibility of any single function, is an organization-wide issue. It demands a senior leader from the C-suite who can take ownership of compliance and ensure that every part of the business collaborates to develop a framework for collecting, using and managing data in accordance with GDPR.
3. Get permission
Consent is the core of GDPR. Before a retailer can collect personal data of any kind, it should secure opt-in permission – and a further consent for every type of use they may have in mind for that data.
This will affect every area of retailers’ increasingly sophisticated use of data. Many are already using a broad range of data – email addresses, cookie data, transactions data, loyalty card information, data on in-store browsing collected through free Wi-Fi access – and will want to connect these different data points to build comprehensive profiles of their customers.
Without customers’ explicit permission, retailers are likely to have to stop collecting this data. And gone are the days of organizations simply storing that information in a data lake that can be accessed at will by different parts of the organization: they will need permission for every type of processing they want to undertake.
4. Empower the customer
As well as new rules on consent, GDPR forces organizations to provide details of all the data they hold on a customer if they are asked to do so, and to delete or transfer that information elsewhere on request. These are important new rights for customers.
Some retailers – particularly those with legacy IT systems and data held in disparate locations – will find these demands technically challenging, but compliance means working out how to meet them.
Google’s pioneering approach provides retailers with a potential solution. It gives users access to all the data it holds on them through a single online preference center, which enables them to track and control their profiles – to have information removed, for instance, or turn some processes off. Constructing similar structures will enable retailers to comply with GDPR while giving their customers the responsibility and power to manage their own data profiles.
5. Incorporate future flexibility
Retailers’ collection and use of data evolves at pace, so their responses to GDPR may need to include a plan for ensuring that future activities are compliant, too. Many will need new processes to guarantee that new initiatives do not fall foul of the regulation.
Photographs of faces, for example, count as personal data for the purposes of GDPR. Retailers that link to consumers’ Instagram or Facebook accounts – perhaps as part of a competition – may need to develop processes for ensuring compliance. What happens if such accounts feature pictures of more than one person? This is an example of how the creation of processes that ensure that each new data-related activity is acceptable under GDPR will be a crucial element of future data innovation.
Conclusion: The compliance dividend
As they consider the future of retail and what success looks like, leading firms cannot ignore the role that data-driven innovation and advanced analytics will play. But these advances come with new responsibilities, and organizations’ stewardship of customer data will come under unprecedented scrutiny in the years ahead.
The firms that embrace their new responsibilities under regulation such as GDPR will find themselves free to exploit every new innovation opportunity – and delight increasing numbers of customers. As such, GDPR is an opportunity for retailers: if they ensure their compliance, they will be in a position to both realize their boldest ambitions and gain a clear advantage over their slower-moving competitors.
Jill Standish is senior managing director of retail at Accenture.
No comments found
Retailers push to end special tax treatment for online brands
Conventional retailers are working with industry groups to overturn a tax break that benefits e-commerce brands.
On Monday, the Retail Industry Leaders Association public policy organization called Retail Litigation Center, along with more than 20 retail and wholesale trade associations, filed a document to overturn a rule that the Supreme Court adopted in the pre-Internet era. Specifically, the group hopes to influence the court to reverse special tax breaks given to online retailers.
The brief highlights the pending Supreme Court case, South Dakota v. Wayfair, Overstock, and Newegg, which seeks to repeal the law that keeps states from collecting sales tax from online purchases unless those retailers have a physical presence within their state.
The 1992 decision of Quill Corp. vs. North Dakota upholds this law, which still keeps states from applying sales tax to online purchases. However, the new brief explains that this decision is outdated, since it originally pertained to a majority of catalog companies — a segment that had sales of roughly $180 billion at the time. Currently, online sales today are almost $6 trillion.
“Today’s online giants do not need or deserve the special tax treatment that the court gave mail order catalog companies a half century ago,” said Deborah White, general counsel for the Retail Industry Leaders Association, and president of the Retail Litigation Center. “These online companies have taken advantage of a bygone decision in order to evade the tax collection duties that their brick and mortar competitors perform every day.”
White detailed how prevalent online retailers are, especially with increased access through consumers’ smartphones, laptops, tablets, and computers.
“Online retailers are omnipresent today … in a way that was inconceivable in 1967 or 1992. The ‘physical presence’ rule of those eras was enunciated by the court long before virtual presence was even imaginable,” added White. “Overturning Quill and restoring basic free market competition will not alter or impede the shopping experience. Modern retail is ubiquitous and ultrapersonal. Tomorrow’s consumer will be the ultimate winner when every retailer competes on price, service, selection and value, without government’s thumb on the scale.”
To read the full amicus brief, click here.
No comments found