With less than a year to go before organisations which process, use or exchange consumers’ personal data within the EU need to comply with the new General Data Protection Regulation (GDPR), this new directive will impact retailers, and brands need to know the key steps to take to mitigate the impact when the regulation becomes enforced from 25th May 2018.

The GDPR is legislation that effectively replaces the Data Protection Act 1998 in the UK and aims to harmonise the approach to the protection and privacy of all personal data collected for/or about citizens in the EU. Whilst upholding the values of the free flow of information across Member States, GDPR also gives individuals much more transparency and control over what companies can do with their data.

All retail organisations with physical or online sales outlets operating in the EU, or those that promote or sell advertising or marketing to EU residents, need to be more aware that they have to comply with the new GDPR. It is already passed as law today and is enforceable from 25th May 2018. It is also relevant in regard to a retailer’s management of their employees’ data too.

With heavy fines that can be imposed via the ICO (Information Commissioners Office in the UK) of up to 4% of global group revenue, the risk of failure to comply by the time GDPR is enforced is far too significant to ignore. It’s crucial that the in retailers’ Boardrooms they start to look seriously at what data they capture, how consumer consent for its use is gained, and ensure the use is purely for what GDPR refers to as Lawful Processing. Equally, the complexity of the retail technology environment brings about a significant increase in the volume of potential Data Processors that the Retailer (as Data Controller) has to have appropriate back to back contracts, controls and security measures in place for.

The 25th May next year is not far away in regard to the scale of the review retailers need to undertake, and it’s worth stating too, that the myth that this may go away because of Brexit is simply not true, it is already applicable in UK law.

GDPR will significantly impact how retailers collect and process personal information, be they pureplay etailers or traditional bricks and mortar. We have less than 12 months before the deadline and with hypersensitivity in the market to avoid adding any friction to a customer shopping experience (because of the potential impact to sales conversion), I cannot stress enough the importance of ensuring the e-commerce, store, marketing and trading teams fully understand what compliance to GDPR looks like so they can adapt to deliver a positive and seamless customer experience

Ahead of GDPR, Tryzens has published a white paper aimed specifically at the retail market to explain the major changes, and is running a series of seminars over the coming weeks to help retailers answer the practical questions around what does this mean for them, such as what do I have to do, where do I start, and, how can I do this and minimise any negative impact on my customers.


By Andy Burton, CEO of Tryzens

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

comments powered by Disqus