3 Things Retailers Should Do to Get Ready for GDPR

euro-gdpr-retailer-imageIf you’re a retailer, you know that, thanks to technology and customer expectations, you’re in a sink-or-swim industry. “Chore” vs. “cherish” shopping, chatbots for customer service and product information, data-driven social media marketing campaigns … these challenges are just a drop in your bucket.

Starting May 25, there will be another hurdle: GDPR, the regulations that give European Union (EU) citizens the right to know who has their dataand how it was obtained, and even to demand that it be “forgotten.”

In this new reality, businesses will have to know their customers’ data like never before. And not just EU businesses. Any company that interacts with a single EU citizen, whether as a customer or through online marketing, could face stiff fines for noncompliance.

In the past, this might have meant large companies, the ones most responsible for the billions of dollars of goods shuttled between Northern Atlantic shores each day. But today it includes many small and midsized American retailers that continue to dominate the cross-border market.

Unfortunately, businesses big and small seem to be unprepared. Here are three things retailers can do to right the ship and face the currents coming across the pond:

Related story: How Grocery Retailers Can Work Towards GDPR Compliance

1. Build a customer data hub.

Retail businesses are often plagued by inefficient legacy systems, producing geographical errors, logistics mistakes, inadvertent table errors, data integration errors, data model errors, data report errors, data entry errors and metadata errors. All of these shortcomings make identifying unique customers opaque.

Imagine a Google-esque interface where you could type any part of your customer’s name, email or address and find all their data, including where it lives, how many copies you have, and make any necessary changes to that data. Whether referring to this as a data hub, master data management (MDM) or application data management (ADM), GDPR crystalizes the requirement around customer information.

Are regulators likely to demand your data protection officer (another GDPR requirement) provide chronologically ordered sets of manual records that contain genetic data, biometric data, key-coded data and personal data from IP addresses on May 26? No. But the inquiries may come sooner than you think.

2. Automate the mundane and forgettable.

Building on the customer hub, intelligent data hubs now exist that leverage artificial intelligence (AI), machine learning (ML) and other algorithmic approaches to better match, classify, find and discover personally identifiable data buried in existing systems.

Consider the volume of data, minutiae of detail and capacity required to classify, connect and de-duplicate customer data. The task seems insurmountable without an automated system to do the heavy lifting. Such a system enables human analysts to manage exceptions and subtler situations.

3. Turn GDPR into an opportunity.

At first blush, GDPR puts a heavy burden on people, processes and technology for customer-facing businesses. Looking more deeply, it also represents an opportunity to grow customer loyalty, satisfaction and retention to new heights.

Organizations that compile a clean, well-governed, high-quality customer data set will empower themselves to do this. They can implement smart analytics systems atop their intelligent data hub, put trusted data in the hands of professionals all over the organization, and reap the higher profitability of upsell and cross-sell opportunities.

Preparing for GDPR is likely to be a challenge. In the process, customer-facing businesses of all types will likely reap rewards and get ahead of the curve. As more regulatory bodies consider the sweeping privacy law as a potential new normal model, one poll found that 88 percent of U.S. citizens support a “right to be forgotten” law. That makes good GDPR good business.

The customer is (still) always right.

This article initially appeared in TotalRetail*