Impact of the GDPR on US Retailers
With just over a month left before the implementation of the EU General Data Protection Regulation (GDPR), designed to protect the data and privacy of EU citizens, many EU retailers are scrambling to ensure their businesses achieve compliance. But this new regulation affects more than just the EU. US retailers that operate in Europe or hold data on individuals from Europe will also need to make adjustments to ensure compliance with these new privacy regulations, or risk being penalized with significant fees. Think you're in the clear because you're not selling to anyone in EU countries? You'll still be impacted, and maybe in ways you didn't expect. The law is changing, but — more importantly — so are customer expectations. Getting ahead of those expectations and their ripple effects is vital.
Data-driven marketing will be changing.
Behind-the-scenes online tracking is going to be less acceptable by consumer expectationcan and explicitly disallowed by GDPR. Customers must actively opt in — they must click a button, checkbox or something similar to give consent to share their information. Offering forced opt-out is no longer enough, and a notification followed by an assumed opt-in if they don't interact isn’t enough. Consumers must say ‘yes’ and initial studies have shown that many won't, which will mean less data available. Data-driven marketing is expected to become more difficult and less effective as consumers opt out of data collection and become more privacy focused. For example, Facebook has already disallowed the use of third party data in their ad targeting system.
Retailers will need to actively assess all their marketing channels over the coming months. The conversion from these types of targeted marketing initiatives may show a slow decline as third party data quality and availability changes. But there are other options. Adding loyalty programs is a way to be upfront with customers and still get robust data directly from your customers. Offering a richer, more compelling email experience is another value-adding tactic. Consumers are becoming aware of the value of their data and won’t be giving it away for free — or in some cases, at all. So offering something in return, such as a discount or useful content, can help secure consumer data the right way.
Emphasize privacy throughout the customer lifecycle.
After many high-profile news stories about customer data breaches or misuse of private data, the tone of public discourse around online data has changed considerably. The GDPR is especially timely, because the protections provided to customers through this regulation are right in alignment with what consumers are starting to demand — the ability to opt out, the ability to see what information a company has about them, and the ability to request that that data be deleted, among other things. Customers are angry that their personal information has been treated, in some cases, cavalierly — bought and sold and lying around with no or insufficient security protections. Now, retailers will need to be prepared to directly address consumer privacy concerns through clear privacy policies, securing customer consent, protecting the data they have, and allowing customers access to and control over their own information. Even if you don't operate in the EU, many high profile companies do, and their adoption of GDPR standards will reset customer privacy expectations across all companies.
Enforce company-wide responsibility.
To get ahead of this trend and ensure that customers are satisfied with how their data is being handled, retailers will need to view GDPR compliance or privacy sensitivity as an organization-wide responsibility, from marketing to legal to the C-suite. To achieve GDPR compliance, companies are now also required to have data protection officers in place, and take reasonable steps to protect data. For example, encrypting personally identifiable data, and having internal data retention and handling policies that put the customers privacy first. This focus on security and privacy is important for all companies, regardless of GDPR, and will likely involve a shift in company culture; retailers should consider company-wide training to ensure that the entire organization understands best practices for data handling and ethics. Perhaps more importantly, retailers should also communicate the steps their company is taking to the customer, so consumers know that the retailers they buy from are making every effort to protect their data and handle it responsibly.
The GDPR is ushering in a new era of customer expectation and retailer responsibility, and the retailers that rise to the occasion and make the necessary changes will be rewarded with their customers' trust and business. Follow Team Virid on Twitter, Facebook, and LinkedIn for more content like this!