We’re just a day away from the General Data Protection Regulation (GDPR) deadline of May 25th. Even with the deadline quickly approaching, many retailers still aren’t ready for the change.
45% of retailers say they are lagging behind or only partially compliant, according to Capgemini.
While GDPR is European Union (EU) legislation, it affects any retailer selling to European customers. If you’re still unsure what it is and how it affects you, then keep reading. By the end, you should understand why you want to meet GDPR requirements.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. Failure to comply with these new rules can result in fines that can be revenue-based – either $20 million or 4% of global sales for the previous fiscal year, whichever is greater.
In other words, the GDPR is a new data protection law. And while it was passed in April 2016, it officially goes into effect across Europe on May 25th. This replaces the Data Protection Directive in effect since 1995.
This new law helps in a few areas:
- Provides a single uniform law about the protection of personal information
- Clarifies, strengthens and modernizes data protection, especially for transparency requirements
- Makes valid consent clearer and easier to withdraw
Who does the GDPR affect?
Any company that is processing personal data or monitoring the behavior of EU residents is subject to the GDPR.
CPC Strategy offers great examples of situations where companies must comply:
- A company located in France that is processing personal data of an individual in South America on a server located in the US as part of its business would be subject to the GDPR because of where the company is established.
- If a company is offering goods or services to (regardless of payment) or monitoring the behavior of EU residents, then the company is subject to the GDPR.
- Any data processor for a controller that is subject to the GDPR is also directly subject to the GDPR.
You can see there are many cases where companies across the globe will need to meet GDPR requirements.
GDPR Created because of Concerns of Personal Privacy
We’re at an interesting point in the collection of personal data. It’s easier than ever to collect and analyze data. However, this has led to companies collecting more data than they know what to do with. Unclear or unenforced laws have also led to companies abusing consumer data for their own purposes, whether with malicious intent or just indifference toward consumer wants.
Now, consumers are learning more about what data they’re sharing and how it’s being used by companies. In some cases, there’s a loss of trust between consumers and companies over how their personal data is being shared.
The GDPR aims to give consumers peace of mind over the protection of their personal data. It also encourages companies to be more intentional with the consumer data they’re processing. Why are you keeping this data, and how are you using it to improve the customer experience?
Hopefully the result is that more brands find ways to engage with customers and build trust with them. Customers are willing to share their personal data, but only when they know it’s being used properly.
Meeting GDPR Requirements
While meeting GDPR requirements seems overwhelming, it is not something that you can put off. You should appoint someone in-house or a consultant to oversee your company’s compliance with these new requirements.
For an in-depth view about meeting requirements, review these resources:
Benefits of Meeting GDPR Requirements
Retailers, though, have an opportunity to further build trust with their consumers by being GDPR compliant. Engage with your consumers about this change and give them an easy, clear opportunity to opt in or opt out with your company.
For those that do opt in in the future, you can be more intentional with their data. Be focused on what data you keep and process. This will help you home in on data that you can effectively use to personalize advertising, recommendations, or anything else that improves the customer experience.
At the end of the day, it’s all about building trust with your consumers. When you do, your consumers will buy from you again and again. In the long run, meeting GDPR requirements should help both consumers and companies.