Retail Executive

NOV/DEC 2017

Retail Executive is the trusted advisor to top retail executives from the industry’s most profitable retailers. We help retail executives succeed in their job role and grow their business via exclusive, actionable, peer-driven content.

Issue link: http://digital.retailexecutive.com/i/889383

Contents of this Issue

Navigation

Page 31 of 47

How GDPR Will Affect U.S. Retailers The May 25, 2018, implementation date for the General Data Protection Regulation (GDPR) mandate is fast approaching. Here's what you need to know. K E V I N K E A N E Attorney at law, Kevin P. Keane In sum, the sweeping mandate of the GDPR is de- signed to regulate the processing and sharing of per- sonally identifiable information. The GDPR covers the entire custody chain of PII data from the moment you collect to that moment when you delete. Did you note the finer point in Mr. Vecci's comment above? Despite the reference to data protection in the GDPR acronym, it is first and foremost a privacy regula- tion devised to protect the individual citizen-consumer. The GDPR is a big gorilla, and a serious change agent that will remake the world of digital direct marketing. In a dramatic early example of how firms will deal with privacy under the GDPR and similar privacy rules and promulgations, one should note that the U.K.-based chain of nearly 1,000 pubs called Wetherspoons said no mas earlier this year, deleted its entire customer email marketing list, and told its customers it would no longer send email newsletters — even though the customers had opted in. Is it the first GDPR-induced hangover? One of the most oft-cited alarms about the GDPR (be- yond mandatory breach notification) is its heavy-hand- ed fines for violations. You have likely seen the stats — up to 4 percent of your annual worldwide gross sales (turnover), or 20 million euros. Elizabeth Denham, a Canadian, is in her second year as Information Commissioner in the U.K., and in Au- gust, she wrote: ou can't avoid it, ignore it, or hope it will go away. In fact, a retail consultancy in Brit- ain observed in mid-May 2017 that even post-Brexit, retail in the U.K. is the one in- dustry most likely to be impacted by the GDPR, both online and in-store. Being located in North America of- fers no absolution. THE ACCIDENTAL TENTACLE As Brian Vecci, technology evangelist for Varonis, says, "Most companies aren't prepared at all. You've got com- panies sitting in the Midwest of the United States that because someone from the EU signed up for their news- letter are suddenly subject to one of the most onerous privacy regulations ever. That's what's so grand about the GDPR. It cuts across all verticals. It doesn't just im- pact financial organizations or hospitals. If you have personally identifiable information (PII) from one of the 28 member states, then it impacts your organization." WHAT IS THE GDPR? The GDPR is comprised of 173 recitals and 99 articles and is replete with exemptions as well as exceptions to those exemptions. It's a complex tapestry that ignores borders and boundaries, and even though your main business is "Back in the U.S.," you are almost certainly stuck smack dab back in the GDPR. Y "Back in the U.S., Back in the U.S., Back in the GDPR …" With apologies to Lennon-McCartney, the above reworking of their lyrics from the Beatles' 1968 tune, "Back in the USSR," is most apropos as the global retail ecosystem stares down the barrel of the May 25, 2018, implementation date for the General Data Protection Regulation (GDPR) mandate across the eurozone and, by extension, the globe. GDPR Technology By K. Keane HOW GDRP WILL AFFECT U.S. RETAILERS RETAILEXECUTIVE.COM NOVEMBER/DECEMBER 2017 30

Articles in this issue

Links on this page

Archives of this issue

view archives of Retail Executive - NOV/DEC 2017