On May 25th of this year, the EU will unveil a brand new piece of legislation known as the General Data Protection Regulation (GDPR). This is a comprehensive law on data protection and privacy for all individuals within the European Union, with the legislation replacing the 1995 Data Protection Directive in all member states.
The legislation was created to provide more robust protection for consumers in the digital age, by tackling concerns over big data, privacy and cyber-theft.
Now, while the UK may be braced to leave the EU as a result of Brexit, it will remain a member state until March 29th, 2019 before undergoing a contentious transition period. This means that all British firms must comply with the terms of the GDPR from May 25th, otherwise they run the risk of significant financial sanctions being imposed by the EU.
How Will the GDPR Impact UK Retailers?
With the EU threatening to punish non-compliance with a potential fine of €20 million (£15.3 million) or a sum equivalent to 4% of turnover, it’s crucial that UK firms act quickly to safeguard their futures.
Retailers are likely to be particularly adversely affected, given their reliance on data and the relentless rise of e-commerce. Below, we’ll look at this in closer detail and ask precisely how the retail sector is likely to be impacted.
- Retailers will Need to Invest More in IT Services
In a survey of British firms, some 71% of respondents claimed that the complexity of modern IT services was preventing them from fully complying with the GDPR.
Not only this, but just 38% of retailers revealed that they were able to locate all of an individual’s personal data quickly, and this could cause huge issues, with customers set to govern compliance by reporting misuse during the early stages of implementation.
If retailers are struggling to leverage modern IT services to effectively manage or access their huge data sets in real-time, this is an issue that needs to be tackled immediately. More specifically, retailers must focus on developing a viable strategy that reflects their intended data usage, while also investing more in developing processes and capable IT services.
- Retailers Must Revamp How Personal Data is Gathered and Used
On a similar note, retailers will need to undertake a comprehensive review of their data usage ahead of the GDPR being implemented. This applies to both the collection and the application of data, as retailers must comprehend the priorities for online and offline retailing before driving an effective reform.
Beyond this, the GDPR may also force you to reconsider how you utilise disruptive location and security technologies, including iBeacons, virtual reality and facial recognition.
These technologies, along with the core collection of personal data, raise serious ethical and privacy concerns in the digital age, and the failure to consider these could result in significant fines for retailers.
- The ‘Right to be Forgotten’ Will Change the Way in Which you Manage your Data
A key part of the GDPR is the fact that it affords customers in the EU the right to opt out or stop their data being used by retailers. In fact, Article 17 of the legislation refers to the so-called ‘right to be forgotten’, which has seen Google lose a number of high-profile court cases regarding the publication and storage of historical data.
This will have a significant impact on retailers, as customers will suddenly have the right to directly edit, extract, transfer and delete any data that is held on them within a specific business.
Not only could this disrupt retailers’ marketing strategies or approach to segmentation, but it could also lead to potential breaches, court battles and the need to liaise with retail legal specialists such as DWF Law.
Complying with Article 17 will require retailers to adopt a more agile approach to managing and editing data, while also being proactive when responding to customer requests concerning their personal information.
Otherwise, you’ll run the risk of entering into numerous legal disputes and significant financial sanctions under the terms of the GDPR.