On the 25th of May 2018, the new General Data Protection Regulation (GDPR) standards begin to be enforced.
What this means is that any organisation, including retail businesses such as grocery vendors. They can be punished under EU law if they fail to comply with the new legislative requirements of GDPR.
This short article takes a look at 5 core operational changes that grocery retailers need to make to become compliant with GDPR.
Operate a Proactive Approach to Cybersecurity
GDPR calls for several core technologies to be deployed in order to operate a proactive approach to cybersecurity.
The most disruptive of these technologies from an adoption viewpoint is the requirement that all data kept encrypted at all times.
Previously, encrypting data during transfer across public facing networks has been sufficient to comply with Data Protection legislation. When GDPR comes into effect, data must be encrypted when it captured, transferred, processed and stored.
From an operational point of view, a business must begin to proactively identify and evaluate risks to data security and implement business processes to mitigate these risks.
Furthermore, there is a requirement for all actions performed on datasets, such as analysis, reporting etc., to be managed by a data controller. Who takes responsibility to ensure that the data kept secure at all times.
Make Consumer Data Available
With GDPR consumers have an increased level of protection when it comes to how a company captured and used their private data.
Under General Data Protection Regulation (GDPR) every individual has the right to request to see a copy of all data a company has on them.
This data must be provided to the individual promptly and in a format suitable for accessing using basic technologies such as a web browser or text editor.
Additionally, every individual now a “right to be forgotten” meaning that upon request. The business must delete all data that it stored associated with the person.
Manage Internal Data
In a similar way to consumer data made available to consumers and the right to be forgotten. Employees of a company will have new rights under GDRP with regard to the data the company stores about them.
Every employee has the following rights under GDPR:
- To be informed of how their private data will be used.
- Have access to all data pertaining to them on request.
- To have any mistakes in data stored about them corrected.
- The right to prevent their personal data being processed as per their wish.
- The right to take their personal data with them when they leave the company.
- For grocery vendors, this means that key business systems such as vehicle scheduling, HR management, payroll etc. must now conform with the above employee rights.
Revise Data Collection Methods
GDPR will have some serious effects on the way that a grocery business collect information about its customers.
This will affect many of proven ways that retailers have used private data in the past to maximise sales and generate revenue.
Browser cookies, the use of third-party consumer data. Any way that digital information used to track consumer actions such as loyalty schemes and referrals, are all affected by GDPR.
The single change under GDPR which had this effect, the new requirement for all private data to be anonymised. What this means that all data that stored must traceable back to a specific person.
In other words, it is now illegal to capture and store a person’s contact details along with transactional data such as website tracking data.
Modify Marketing Communications
Grocery retailers, especially those that operate some form of e-commerce platform. Or use any form of digital marketing, going to need to rethink their marketing approach to become compliant with GDPR.
Under GDPR two key requirements entirely change the face of digital marketing:
- Data only captured for a specific relevant purpose. This means that capturing additional consumer data at the point of sale in order to remarket to them at a later stage now illegal.
- Tby the grocery retailer must gave consent for all data captured to consumers. Meaning that no data captured without telling the consumer. how it used? And the consumer gave their consent.
GDPR, a massive change to the way that every organisation will need to operate. Grocery retailers who rely on digital channels for marketing. And sales need to make some extensive revisions to their business processes as well as changes to core technologies to become compliant.
This short article really only scratched the surface of the implications of GDPR for grocery retailers. The full GDPR guidelines take up several volumes.