Consumer data protection is a hot topic for retailers today. This is due to the fact that consumers around the world are calling on their governments to put stronger regulations in place to protect their personal data from improper use by private companies. Lawmakers within the European Union agree, and on May 25th, 2018 the General Data Protection Regulation (GDPR) went into effect. While you may have heard about GDPR in passing, many retailers working with customers outside of the European Union are still unsure about whether these new restrictions will impact their business, and how – if at all – to prepare their retail operations for any changes that might be coming their way.
Make no mistake, GDPR is affecting retailers across the globe whether they sell within the European Union or not. With that said, let’s take a look at what GDPR entails and how it will impact retailers outside of the European Union.
Understanding the Regulations
The GDPR is a complex set of regulations that govern how organizations can use customer’s personal data, as well as expanding the definition of “personal data” to encompass, according to the European Union’s GDPR website, “Any information relating to an identified or identifiable natural person…who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
GDPR also fines companies that use their customers’ personal data without their customers’ consent. Under GDPR regulations, customers need to opt-in to having their data used for marketing processes. Luckily for most retailers, 58 percent of American consumers will share personal data under the right circumstances and this number increases when there is a clear value proposition for the exchange – such as a percentage off the price of their purchase, or increased loyalty points.
What Does it Mean for U.S. Retailers?
First and foremost, the new GDPR restrictions mean that American retailers need to keep an eye on consumer data protection legislation in the U.S. The laws governing consumer data are constantly being updated in the U.S. as well as abroad, and American consumers have been quite vocal about their desire for the government to enact stronger legislation to protect their personal data. Retailers need to regularly check up on data protection legislation to ensure they remain compliant as regulations become more stringent in response to customer demand.
In fact, California just passed the California Consumer Privacy Act of 2018, which mirrors GDPR in calling for heightened transparency as it relates to customer data. The Verge reports, “Companies that store large amounts of personal information — including major players like Google and Facebook — will be required to disclose the types of data they collect, as well as allow consumers to opt out of having their data sold.”
Actions to Take Now
All indications point to the fact that the EU’s GDPR legislation is setting a precedent for the rest of the world, and that data protection regulations in the U.S. will, in time, be equally rigorous. Retailers using customer data as part of their marketing strategies should aim for GDPR compliance now so that they will not have to scramble to get their operations up to par as new regulations are enacted across the U.S. Getting a head start on data compliance can save retailers significant additional expenses down the line. Even retailers who do business in areas where consumer data privacy legislation have yet to be enacted might already be breaching privacy laws in certain states. After all, what percentage of American retailers don’t do business in California?
To prevent the sudden need to implement an expensive data compliance initiative down the line, retailers should immediately begin to prepare operations for more stringent legislation. A little foresight will go a long way in minimizing the costs for retailers preparing their in-store and online operations for evolving data privacy laws. Additionally, by asking their customers’ permission before these laws are in place, many retailers can avoid having to erase or destroy their existing customer data down the line.