How GDPR will impact online retailers

Approximately 87 per cent of UK consumers bought at least one online product last year, and the UK is second only to Norway for making ecommerce purchases in Europe. With the industry booming, Roxanne Abercrombie, content strategist at live chat software specialist, Parker Software, explains how general data protection regulation (GDPR) will impact online retailers.

GDPR is a regulation that gives European citizens more control over their personal data. Ultimately, companies must follow uniform rules on how personal data is obtained, used and stored, or face severe penalties.

No industry will feel the force of GDPR more than retail. Retail businesses are on the front line of GDPR because of the connected nature of modern retail. Websites that track customer identity, loyalty programmes and marketing techniques based on past purchases are all within the scope of impeding GDPR.

Consent is at the heart of this regulatory change. For retailers, this means anyone they contact, whether via post, email or phone, must have given informed consent to receive this communication. A pre-ticked box at the checkout doesn’t count. The consent must be freely given, specific, and unambiguous. This means using appropriate data capture language at all times.

Compliance will be demanded of all businesses handling EU citizens’ data by May 25, 2018. Retailers must therefore take this time to obtain consent from their customers, as any that haven’t consented in time must be completely removed from your customer databases.

Live chat matters

If you are a retailer that uses live chat software, such as WhosOn, you’ll have to tweak your processes to ensure GDPR compliance. When you engage your customers using live chat, there are several touch points at which you could be acquiring the personal data of EU consumers. Businesses still need valid consent to use and store this data.

You might be storing live chat data in your CRM or database, or using it to populate web or sales reports. So, tell users what data you need, and why you need it. Let them know where it will be stored. Give them an easy way to change their mind and opt-out at any time. In short, respect your customer’s rights, and don’t withhold information.

Additionally, as someone who stores personal consumer data, you are responsible for keeping this data safe. If you use the cloud, choose a high security data centre in an EU-approved country. Any data you store internally should be protected by appropriate means, including, but not limited to, passwords, firewalls, and encryption.

Your customers will also be able to request access to the data you have on them, and ask you to delete this data on demand at any time. This means that you will need to have the relevant procedures in place to handle such requests.

It’s not all doom and gloom

As well as raising internal awareness on GDPR, it’s also an opportunity for retailers to increase the value of their communications. Consumers are much more likely to consent if your communication is useful and unique. You’ll also need to assess your website design; is it easy for customers to subscribe to your emails or do they need to go searching?

Equally, as an estimated 60-80 per cent of data that organisations, including retailers, are storing is redundant, obsolete and trivial, GDPR is a great opportunity to audit, review and organise the data you have and clear the decks. Retailers will end up with a customer database containing an audience that is genuinely invested in their brand and services.

Now is the time to put the necessary procedures and processes in place, ready for May 25, 2018. Whether you’re a retailer based in the UK or Norway, there’s no getting away from GDPR: it is EU law.