The GDPR is fast approaching. On the 25th May, the regulations will be in full force and you’ll need to make sure that your organisation complies. Failure to comply could land your organisation with a whopping £15.3 MILLION fine (or 4% of annual turnover), so you need to be ready.
GDPR in Retail
Data collection and retail go hand-in-hand. Retailers use customer data to create targeted-market campaigns, better communication strategies and it enables one-to-one engagement with customers. But retailers must be even more cautious than before when it comes to protecting this data and managing how it’s stored.
Many retailers have yet to get round to thinking about how they handle people’s data but with the GDPR bringing in stricter guidelines and harsher penalties, it should really be a priority.
According to boldonjames, only 19% of all organisations have started training for the GDPR. That’s extremely shocking when you consider the fact that the GDPR is just around the corner.
One of the biggest concerns for many retailers is the need for explicit and unambiguous consent for any use of personal data. But remember, while it may seem insurmountable, the GDPR wasn’t designed to be a massive pain in the neck - it’s designed to help protect customers...your customers. Complying will make them safer.
How can retailers comply?
So, what do retailers need to do to ensure that they’re prepared for this massive change? For a start, you’ll need to think about how you obtain people’s consent to use their data. You need to be clear and transparent with the information you provide, giving details on exactly why you want their data, how you’ll use it, who gets to see it and how long you intend to keep it. You’ll also need to be able to prove that your customers have given explicit and unambiguous consent - no more opt-out checkboxes or silent/ tacit consent.
You’ll also need to have systems in place so you can easily change, delete or transfer any, or all, of the data you hold on a person - the GDPR gives people the right to alter the data you hold on them, delete it, update it, move it, request a copy of it or tell you to stop using it altogether.
To help you prepare for the GDPR, it may be a good idea to draw up a data map. Data mapping will help you:
- Understand the information flow: where does the data come from? Where does it go? Who is responsible at any given time?
- Describe the information flow: this will help you identify whether all the data you hold is necessary, whether there are any areas of weak security - as well as making sure everyone involved in the data flow is aware of the practical implications.
- Identify the key elements of the data flow - what kind of data do you process? How is it stored and transferred? Where is it kept and who has access to it?
General Data Protection Regulation Training
To help you prepare for the new regulations, we’re developing our GDPR training course. It covers everything, making sure you’re ready for the change.
Every organisation (whether EU based or not) needs to comply with the General Data Protection Regulations when they come into force on 25th May 2018, but many organisations are already implementing policies and procedures now to make the transition smoother.
Are you ready? Work towards compliance and register your interest in our course now!