Retail Executive

NOV/DEC 2017

Retail Executive is the trusted advisor to top retail executives from the industry’s most profitable retailers. We help retail executives succeed in their job role and grow their business via exclusive, actionable, peer-driven content.

Issue link: http://digital.retailexecutive.com/i/889383

Contents of this Issue

Navigation

Page 32 of 47

G D P R Effective from March 25, 2018 Substantial penalties Applicable worldwide Tool for ensuring compliance with GDPR Prompt incident reporting Right to be forgotten PENALTIES up to 20 mln euro or 4% annual worldwide turnover APPLICABLE WORLDWIDE as long as the organization stores personal data of EU citizens RIGHTS OF THE DATA SUBJECT enhanced right to information, right to be forgotten DATA BREACH REPORTING within 72 hours, severe penalties for failure to report that data is and forevermore remains under the con- struct of the GDPR, solely owned by that ever-more eva- nescent individual citizen-consumer. FORGOTTEN, WHO ME? Under the GDPR, individual consumers' consent to use of their own PII data must be informed, active, and freely given. Clicking an irritating online consent box while in a hurry to place an order for a new frock is no longer acceptable, nor is salting the real use of PII deep in the mumbo-jumbo of website terms and conditions. The GDPR gives the wildcat consumers absolute power over their own "oil." The consumer really owns the right to be forgotten. YOU WON'T BE READY BY MAY 25, 2018. NOW WHAT? Many retailers were not fully ready for the October 2015 PCI EMV liability shift deadline, and it is accepted opin- ion around the world that most companies will not be GDPR ready on May 25 next year. But you must strive to get closer to compliance and to appreciate the massive change the rule encourages. The MarshMcLennan subsidiary Oliver Wyman predicts this: "The GDPR grants EU consumers broad rights to access, correct, and delete their personal data. As a consequence, Oliver Wyman esti- mates that at least 90 million gigabytes of data may be implicated." What that stat must teach any retail company who may do business in Europe, even accidentally via an m-commerce app, is that you must be engaged with the goal of GDPR compliance. You almost certainly can't do this alone; you will need expert assistance and probably European-based assistance. If you haven't yet begun, commence now. R " … this new law is about – greater transparen- cy, enhanced rights for citizens, and increased accountability. This law is not about fines. It's about putting the consumer and citizen first." Perhaps the U.K., Canada, and the U.S. are more likely to offer a hearty fist bump to economist Adam Smith's long ago positing of the "invisible hand" of self-regula- tion in the markets; and perhaps one could muse that Europe is less trusting of such munificence. I have long espoused the view that Europe is far ahead of us colonists in terms of proactively engaging in the realm of #Cyber-IN-Security and #Privacy, and we should all note the truth that cybersecurity and privacy have merged into the same holy crusade against cyber crooks. Nevertheless, an accurate aphorism for retail as practiced around the world is "data is the new oil" and to regulate "data controllers" and "data protectors," in defense of individual citizens called "data subjects," is the new reality in Europe and is coming soon to your commercial enterprise, too. M-COMMERCE IS REMORSELESSLY ON TREND In an effort to stay close to customers, who may only briefly tarry in a brick-and-mortar emporia, smart re- tailers have avidly embraced the use of data as a means to provide customization and personalization, delivered anywhere, anytime, on any device, using omni-channel marketing to seek meaningful connections with elusive consumers who seem to eschew the physical store more and more. Great retailers leverage search advertising, geo-fencing and tagging, beacons, augmented or virtual reality, and more — all great tools that run on gushers of hugely valuable oil otherwise known as PII. Caveat emptor? Retailers obtain that data from their customers; from social media and websites and con- tests and sweepstakes; mobile apps; and from first-par- ty or third-party purveyors of data. The plain truth is, SOURCE: GDPRcoalition.ie RETAILEXECUTIVE.COM NOVEMBER/DECEMBER 2017 31

Articles in this issue

Links on this page

Archives of this issue

view archives of Retail Executive - NOV/DEC 2017