As we approach the first anniversary of the General Data Protection Regulation (GDPR), it feels like a fitting time to reflect back over the past twelve months and to look ahead to the future. There is no doubt that we have seen a huge step change in data protection practice and maturity as organisations have moved from their GDPR transformation programmes into business as usual.

However, the work doesn’t stop there. We are now seeing the impact of the first fines issued under the regulations, adverse scrutiny from privacy activists and regulators, plus the power of the consumer as they become increasingly aware of and actively exercise their strengthened rights under the new law. Organisations can learn from these cases and use the outcomes to improve their business practices, ultimately strengthening their brand and reputation in the marketplace.

For retailers in particular the next twelve months is set to be just as interesting as the last. The battle for customers is being fought online and those who offer the best experience will win. ‘Transparency equals trust’ is not just jargon, it is smart business. The GDPR came into force to re-establish trust and to give individuals increased control over their personal data. Organisations that have seized this opportunity to strengthen their brand and reputation have taken the lead over their competitors. This is particularly prevalent in the customer facing world of online shopping. Alongside creating a clear, trustworthy and positive customer experience, organisations need to ensure they are complying with key privacy requirements from the use of cookies through to transparency about the data they gather and use for their marketing, analytics and profiling activities.

It has long been recognised that marketing is a key focus area for privacy regulators. In our 2017 Enforcement Tracker we highlighted that close to 50% of the enforcement actions taken in the UK alone related to marketing infringements. Nothing has changed since the introduction of the GDPR, except the significant increase in the level of fines which, at up to 4% of annual global turnover, now have the potential to really bite.

We will be discussing all of these issues and more in our webcast with the BRC: ‘GDPR one year on: what should retailers be considering now?’ with Stewart Room and me, Emily Sheen from PwC’s data protection team, We’ll be joined too by Prof. Dr. Srechko Kontelj OAM, Group Legal Director at Specsavers.

In the meantime, we have outlined some key areas that retailers can focus on to improve their data protection practices while positively impacting the online customer experience.

1. Review your online customer journey - Take the time to review your website, including your privacy and consent notices, to ensure you are being truly transparent with users about how their personal data will be used.

2. Put yourself in your customers’ shoes - Make it easy for customers to find and digest the information about how you will use their personal data. Don’t make things difficult by splitting information across different pages or areas of your website and then expecting your customers to piece together the information. Layered privacy notices can be used but they should be designed to provide a clear pathway through different levels of information.

3. Avoid the pre-ticked box - Make sure customers need to take a positive action when giving their consent to the use of their personal data. Stay away from using pre-ticked boxes. Ensure the consent you collect is separated for each different purpose and not tied to other conditions of your service.

Join our webinar: GDPR one year on

Whether your role is in marketing, compliance, legal or tech, sign up to join the BRC and our data protection team for GDPR One Year On Webinar on 21st May at 2pm, as we review what we’ve learnt from the first twelve months of the GDPR. We’ll also discuss the areas that retailers should be focusing on now to balance the use of customer data for transformation and growth against the need to place privacy


 

Emily Sheen //
Data Protection Strategy, Legal and compliance services 

//emily.sheen@pwc.com
//www.pwc.com