A Retailer’s Guide to GDPR: The Basics You Need to Know

Privacy and cybersecurity are top of mind issues around the world right now. Consumers are worried about who has access to their personal data, companies are concerned about the financial and PR consequences of a data breach, and regulators are taking these issues more seriously than ever.

The most sweeping example of regulatory involvement is the European Union’s new General Data Protection Regulation (GDPR). This regulation recently went into effect in the EU, but its impact extends to the entire global business community, including retailers. As such, it’s critical that all wireless retailers comply with GDPR and take action to protect the wealth of consumer data they’re typically entrusted with.

What is GDPR?


Originally adopted in April 2016, but officially implemented in May 2018, GDPR aims to give more control to EU citizens and residents over their personal data. Essentially, companies are now required to provide all users with a number of fundamental rights, including:

  • The right to ask a company for information about their personal data.
  • The right to access personal data held by a company.
  • The right to have inaccurate information rectified.
  • The right to withdraw consent.
  • The right to object to the processing of their personal data.
  • The right to object to automated processing.
  • The right to be forgotten and have a company delete their data.
  • The right to transfer data between controllers.

Who does GDPR apply to?

These rules were drafted by the EU, but they apply to businesses around the globe. Anyone who does business or requests information from persons in the EU must comply with GDPR. Even if a wireless store primarily does business locally, shipping an order or distributing a newsletter to even a single European user demands GDPR compliance.

What is the penalty for non-compliance?

GDPR is not the first set of data rules to impact wireless retailers, but it is by far the most punitive. Fines are based on the amount of data compromised and the level of misconduct on the part of the company. They are levied after a data incident, and can be massive. In the worst instances, fines could come to 20 million Euros (over $30 million CAD) or 4% of annual revenues, whichever is greater. Considering the potential consequences of a fine, all companies, retailers included, are looking at compliance as a financial imperative.

How can wireless retailers respond to GDPR?


The EU is notorious for assessing fines quickly and without warning. Waiting any longer to assess your regulatory burden means taking a huge risk. Every retailer will approach this issue differently, but there are three steps all must take:

  1. Determine your liability. First and foremost, figure out whether GDPR rules apply to your store. If you do not offer goods or services to EU residents, you may not be subject to GDPR. That being said, retailers should expect new data rules from North American regulators, as well as growing privacy expectations from consumers. Complying with GDPR is essentially a way of preparing for inevitable North American regulation.
  2. Work with a consultant. GDPR is a vast and complex set of rules that weaves between the worlds of tech, law, finance, and ethics. Retailers often enlist help to determine their level of exposure and guide their compliance effort. An expert perspective is especially helpful when every detail has material consequences.
  3. Get your data in order. Overall, GDPR requires data to be transparent, accessible, and erasable. That is only possible when data is integrated and subject to governance and oversight. Compliance comes from a foundation of sound data management.

GDPR is an onerous set of regulations, but it’s important to keep things in perspective. Customer data is the most valuable asset a retailer has. Generally speaking, consumers offer data up freely, and it generates immense revenue opportunities, so the very least retailers can do in exchange is to keep data secure. GDPR ensures that data continues to be an asset for all.

iQmetrix has retail solutions to simplify compliance and drive revenue at the same time. When you’re ready to use data both safely and strategically, contact our team.

Photo Credits: Shutterstock / Goran Bogicevic, Shutterstock / ESB Basic, Shutterstock / Dragon Images