Big changes are on the horizon for how retailers (as well as every other business) will be able to handle data.
On May 25th 2018 new regulations will come into force that will change the landscape of data protection dramatically. The General Data Protection regulations (GDPR) are being introduced to ensure that consistent and stringent guidelines are followed by businesses throughout the EU, as current data protection regulations differ from country to country.
With cyber-attacks and data breaches a prominent issue over the past few years, GDPR aims to tackle the lack of thought across businesses with regards to the protection of individual’s data, introducing harsher fines that could seriously impact a business should they fail to comply with the regulations.
Whilst this all sounds very doom and gloom, there are a number of things that businesses can do in order to ensure they are compliant by the time May comes. Here we outline just a few things that you can do to prepare your retail business for the upcoming changes:
Complete an audit of current data
Understanding your current data is the first step; what data do you have? Where is your data stored? Who is overseeing the data? How secure is your data? And what is your data being used for? If your data is stored on various databases, it would be a good idea to consolidate your data, so that it can be secured in one place.
Review processes for gathering data
Consent by individuals to use their data is one of the major changes occurring with GDPR. Individuals must actively agree to their data being used for a certain purpose (e.g. marketing, product updates, etc.), that means no more pre-ticked boxes or assumed acceptance. If you want to use data for multiple purposes, individuals will need to consent to each use separately. Within this you need to be explicit to an individual as to what their data will be used for, and how to withdraw consent.
Keep a record
Ensure that you keep thorough records of what data your organisation gathers, when it was consented to, how it was consented to, the purpose for which you will be using the data and if/ when an individual withdraws consent.
Understand what to do in cases of data breach
Both business owners and managers, as well as any employee within a business that deals directly with customer data, need to be up to speed with GDPR and what it means for their business. It is important to have an understanding how processes will change come May 2018. In addition to this, your business needs to know what to do in case of a data breach, who to contact and what information will need to be gathered.
These changes may seem frustrating however, they will ultimately lead to a more effective and targeted approach to data management for your business.