18.07.2018

What GDPR Compliance Means for Retail Sectors

On May 25th, 2018, the General Data Protection Regulation (GDPR) came into effect. There was certainly a great deal of chaos around its introduction, which explains why companies still have not been able to understand its basics, especially small-scale businesses where no particular individual is technically aware of its implications and can take the lead in implementing it.


Here are a few fundamental facts that a company should know about EU GDPR and its compliance.

GDPR Isn’t Merely for the IT Sector

One of the basic misconceptions amongst businesses is that GDPR is an IT issue; rather, it is an organizational issue. Every sector collects, accesses, and uses personal data for different purposes, including hiring, sales, marketing, customer services, etc. Over the years, there has been a growing emphasis on establishing a systematic approach to managing data, which can help companies get accurate statistics to make well-informed decisions. It will also help businesses personalize their communication to enhance the overall customer experience.

This provides an array of opportunities within the hospitality, leisure and retail sectors to tailor their services in order to improve their businesses. However, despite the management benefits, many organizations are still not in compliance with GDPR.


GDPR for Retail Sector

When it comes to GDPR compliance for the retail sector, there are four key factors that must be considered:

1. A New Perspective towards Privacy Notices

On a retail website, there will be a statement that tells consumers what their personal data will be used for. Retailers must provide detailed information that allows the consumer to make a well-informed decision on whether they want the store to acquire and process their personal data. From why the data is needed and its effect, to how long the data is retained and the consumer’s right to withdraw consent, every minute detail should be present in that statement.

2. Record Keeping and Accountability

The General Data Protection Regulation requires companies to demonstrate thoroughly that they have been maintaining records in accordance with the regulation. This is done in order to instill a sense of accountability in retailers. The records maintained should include the name and contact information of the controller, the objective of the data processing, the category of data subject, an indication of any transfer of data, etc.

3. Written Agreement with Third Party

GDPR requires companies to maintain a thorough agreement with any third party hired to process the data. If retailers hire outsourcers for the collection of data, they must have a written agreement that lays down all the terms and conditions for handling the personal data of consumers.

4. Address the Individual Rights

Retailers must address the updated individual rights that GDPR gives consumers with respect to their information. These include the consumer’s right to be forgotten as well as the right to transferability. This further protects the personal data of users, which is the most valuable commodity retailers hold.


While implementing GDPR in an organization is certainly challenging, it has become an imperative step that cannot be avoided. The essential step toward compliance with EU GDPR is identifying and documenting all of the personal data collected and the consent given to the company to retain and share it.
