What Do GDPR Regulations Mean for Retailers?
by Tomas Diaz
What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of laws in the European Union covering data protection and privacy for individuals. While privacy laws were already in place, this new set of regulations serves as an update to the previous 1995 data protection directive.
What Does GDPR Mean for Retailers?
GDPR changes how customer data is obtained and managed. The new law went into effect on May 25, 2018, and will impact retailers in four important ways:
Retailers are now required to get consent before gathering any personal data. You may have witnessed examples of this consent while browsing the internet in the form of a pop-up notifying you that the organization is using cookies to collect details about your visit. The information collected can include your browsing history while on the site and any personal data you shared with the site via forms. Other examples include a pop-up message requesting that you share your location with options to either block or allow access.
#2: Access & Control of Personal Data
GDPR regulations allow individuals to have easier access to the data retailers store about them. Companies with more than 250 employees must now document why data is collected, how long it is stored, and describe how they are protecting that information. If an individual requests access to their personal data, retailers have one month to provide it at no cost to the individual.
#3: Limits on Communication
Companies may also have to alter their email marketing practices based on GDPR compliance. Under the new law, companies have to prove they received specific consent from anyone they email. Sign-up forms must specify the type of communications being requested. For example, if someone opts-in to receiving a monthly email newsletter, that is all you are allowed to send them unless they have requested otherwise. Sending any other communications via email without direct consent (such as sales incentives or product updates) would be a violation of GDPR.
GDPR regulations will be enforced by The Information Commissioner’s Office (ICO) in the UK with any non-compliance resulting in fines. To avoid fines, some retailers may choose to dedicate a security officer to monitor their GDPR compliance. While GDPR covers the European Union (EU), it’s important to note that the United Kingdom, which is currently in the process of leaving the EU, is implementing a separate Data Protection Bill very similar to GDPR.
The Advantage of Digital Receipts in the Context of GDPR Compliance
Now that email marketing has gotten a bit trickier, digital receipts are becoming even more valuable to retailers. Today, many customers are willing to exchange their personal email addresses in return for digital receipts. Recent research found that 45% of UK shoppers prefer receiving an eReceipt when making an in-store purchase. In fact, digital receipts boast some of the highest open and click-through rates (up to 80% open and 15% click through in some cases) of any emails customers receive and 64% of consumers report that they are willing to receive additional marketing material via their eReceipt. Retailers including Under Armour, Signet Jewelers, Aldo and others have been using eReceipts as a vehicle to capture more, valid emails, increase participation in loyalty programs and drive repurchasing for some time. In light of GDPR compliance, digital receipts may represent one of the best engagement opportunities for retailers.
View the new GDPR law in its entirety, here.