Since the implementation of the General Data Protection Regulation (GDPR) one year ago, there has been a huge surge in businesses improving their cyber-security and personal data handling practices. However, inaccurate regulatory interpretations and the size of possible fines for non-compliance may be inhibiting some retailers from making full use of the personal data they process. But with careful use of personal data, retailers can not only meet business objectives, but also win customer trust.
A major aim of the GDPR is to improve transparency and openness from data controllers, and therefore instil trust in them. Retailers have previously been criticised for collecting vast amounts of data without having a clear reason for needing it. By now, retailers should have reviewed their legal basis for processing personal data and have stopped collecting data where they can’t determine how they will use it. However, there are some retailers who are still sailing close to the wind when it comes to compliance.
In years gone by, retailers may have requested one consent (often using a pre-ticked box) to send different marketing communications. Under the GDPR, consent must be “freely given, specific, informed and unambiguous” and demonstrated by a “clear, affirmative action”. This has brought marketing practices into the spotlight and forced retailers to move away from bundled consents (such as obtaining one consent to send food offers, information on lending services and clothes range adverts). This requirement has also necessitated a shift away from pre-ticked boxes, so a refresher of many consent forms has been required.
Despite the initial fears, it seems the new regulations didn’t have the overwhelming negative impact many were predicting. The majority of re-permission campaigns were successful and as a result there is less wastage of direct marketing material – messages are only being sent to those who actually want to receive them. Building GDPR compliance into a campaign from the beginning will allow retailers to create something that is likely to be more beneficial in the long run.
Reward schemes are a huge part of the retail industry and have required assessment post-GDPR. Customers who sign up for reward schemes don’t always understand what data is collected about them and that they might be profiled on the basis of that information. Communicating this clearly is the responsibility of the retailer and, if handled correctly, the chance is that this transparency will translate to trust.
Retailers should focus on changing perceptions both at a business and consumer level so that the GDPR is seen as an enabler of customer trust, rather than an inhibitor of progress. This will require businesses to come up with creative and innovative solutions, but in the long term should help to promote trust in the industry and enable early-adopter retailers to gain a competitive advantage.