Retailers to lose a sizeable chunk of customer databases
With the EU’s new data policy coming into effect, Sofie Willmott, a senior retail analyst for GlobalData, says retailers should be prepared to lose a sizeable chunk of their customer databases.
“As well as the setback of additional costs, retailers must also be prepared to lose a sizeable proportion of their customer database as subscribers ignore communications to opt in to receiving marketing messages or choose to take the opportunity to opt out in order to declutter their inbox,” she said in a statement.
The GDPR requires any organisation that offers goods or services to consumers in the EU or monitors their behaviour to comply with these rules, no matter where the organisation is located.
EY partner in digital law Alec Christie estimates that about a third of Australian businesses, including many retailers, may be subject to the GDPR.
Starting May 25, these businesses must obtain consent before collecting any personal data from EU residents, and they will no longer be allowed to use long, illegible terms and conditions agreements to do so.
Under the new rules, consent must be given in an easily accessible form, in clear and plain language and with the purpose for data collection attached to that consent.
Businesses are also required to encrypt or tokenise stored personal data of EU residents and to inform the supervisory authority within 72 hours of becoming aware of a data breach.
An EY survey in February indicated that only 18 per cent of local firms have a plan in place to comply with these new rules.
According to GlobalData, ensuring compliance with GDPR’s stringent rules requires time, money and resources – which most retailers don’t have available.
But the analytics firm says that the tighter guidelines around personal data are necessary, given the increased use of the internet since the EU’s previous data policy was set in 1995.
It suggests online pureplays with large tech divisions are likely to be the best placed to cope with this change considering their ability to quickly adapt.
“Multi-channel retailers, though generally having a tougher time than their pureplay counterparts and less cash to spare, must invest in making changes to future-proof their companies as this issue will only become more prominent as consumers become more conscious of the use of their personal information and the increasing powers they have to control it,” Willmott says.
The maximum fine threatened for non-compliance with the GDPR is 4 per cent of annual turnover or €20 million, whichever is greater.