The deadline approaches for GDPR compliance – are you ready?

Unless you’ve been in a media blackspot, you are likely to know that 25 May will mark the arrival of the much anticipated General Data Protection Regulation (GDPR). The introduction of this legislation is the biggest shakeup to data privacy regulations that this country has seen in close to 20 years - so it’s unsurprising that many have been rattled by its advent. Indeed in the months leading to this point there has been considerable speculation, hype and, to some extent, scaremongering regarding what it means for retailers today. In short, GDPR is an EU law that will replace existing data protection laws across all EU countries (including the UK). It will require any company doing business with EU customers to prove that they have a valid lawful basis to process personal data and that they have adequate processes to manage and protect this data. There are six lawful bases for processing data, as set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data: consent, contract, legal obligation, vital interests, public task, legitimate interests. What will be the impact on retailers? With newly centralised requirements, increased breadth of application, and higher potential fines, retailers (and other companies) will have to be more accountable for how they collect, store, and use personal data of their customers. Customers stand to gain from the new requirements as well, as GDPR will establish across the EU a consistent right to access, update and remove the data that businesses hold on them. The complexity of the new requirements have rung alarm bells for retailers over how to continue effectively engaging with customers - particularly around the success of customer experience (CX) programs. After all, good CX practices and keeping a constant pulse on customers, rests on processing more customer data. Turning GDPR into a positive opportunity While compliance is usually seen as further red tape to navigate, GDPR can actually be viewed as an opportunity for retailers for the following reasons: Establishing transparency and trust with customers – Under GDPR, customers will have the right to know exactly what personal data is collected by retailers they interact with, and how those companies use that information. Many retailers are embracing this as an opportunity to establish a new level of trust with their customers, and to make their businesses more customer-centric. Broader awareness of privacy rights - With all the attention toward GDPR, employees across all parts of a business are paying closer attention to honouring customers’ privacy and data rights. With this wider understanding, retailers will be better positioned to create experiences that establish trust with their users. Designing products from the user’s point of view - GDPR requires companies to take into account a user’s privacy rights from the outset. With this focus, data protection and user trust will be core considerations for the customer experience. With GDPR just around the corner, it’s clear that changes will need to be made to the way in which retailers manage customer data in the future. This isn’t just another fashion fad - but rather, something which can and should be viewed as, an important stride forward to building a customer centric culture across the retail world. Like a timeless classic, it’s an investment worth making, and one which is likely to reap rewards if handled well. Kareena Uttamchandani is a senior manager for solutions consultant at Medallia, who aim to help businesses ‘win’ by improving customer experiences.