Yet in less than a year shoppers will have the right to demand one retailer export all information they have about them, hand it over to a competitor, and afterwards delete the original records – all potentially all at the click of a button.
This is just one of the ways a piece of EU data legislation, the General Data Protection Regulation – GDPR for short – is going to transform the way retailers and other consumer businesses all over the world manage their customers’ data. The other risk – one perhaps more executives are aware of – is that failure to comply with the new standards will result in fines of up to 4 percent of annual global revenue or €20 million.
Tech teams have until May 2018 to comply with the new legislation. There are a huge number of requirements, but the headline ones are enabling consumers to edit, extract, transfer, and delete any data held on them by any part of the business. However, to consider GDPR only a tick-box exercise for IT would be a mistake: it opens up huge opportunities and risks for new customer propositions and business models.
For example, imagine someone decided to create a ‘data passport’ for consumers. Think of how many websites today allow you to log in via a Facebook account – that’s just the tip of the iceberg because as well as collecting personal data from multiple sources – from retailers to banks to car insurers – such a service will, in the future, be able to request the original sources be deleted. That could be your customer data.
In this scenario, personal information can be ported to any third party only when needed, such as to make an online purchase or get an insurance quote, and removed once the transaction is complete. The business that created the data passport would hold all the power from the customer data. In exchange, the customer would know their data is securely held in one place by a company they trust.
With their data in demand and back under their control, customers will have the power to expect more personalised benefits in return from the data passport company. For example, it could be a shopping app that aggregates all the best deals and prices on their favourite brands into one ‘basket’. Another way could be aggregating groups of users with similar spending habits (such as certain products and brands) to get bulk deals on their behalf. These new customer propositions could transform shopping habits.
Supermarkets need to ask themselves whether they want to take on a role holding their customers’ data passports. There are clear benefits, but it will place additional burdens on their data storage capabilities and increase pressure to attract and retain the best Chief Data Officers and data-engineering teams. But if they doesn’t do it, someone else eventually will.
It will be important to be able to defend against anyone else using GDPR to take your business’ data – and this could be another retailer or a tech giant, a bank or a start-up, or any other kind of business. One technique may be to have smart ways of anonymising customer data that preserves their business insights even if an individual asks for their specific dataset to be deleted. Also, invest in becoming a brand people trust – by both securing your data and communicating those measures to customers.
Preparing for when GDPR places data firmly back in the hands of customers has to be done now. There is only a year to go until it becomes law on 25 May 2018. Retailers needs to start getting innovative about how they attack and defend using the capabilities it enables, and avoid dismissing it as something for the tech team to deal with.
This article was originally published in The Grocer: Click here to view.