Merchants are 'lost' when it comes to GDPR

Register now

We may be a year into GDPR, but many retailers have barely even begun their journey into fully understanding the location and flow of their customer’s data, let alone controlling it.

Compliance with GDPR has been challenging for some businesses. Since 2018, more than 95,000 customer complaints resulted in sizable fines for some of the world’s largest retailers, including Amazon, Apple and Google.

The GDPR mandate raised the bar on data privacy standards for European citizens, increasing the emphasis on respecting individual rights by giving back control of personal and sensitive information, and enforcing heavy financial penalties for businesses that fail to do so.
While GDPR is officially a European mandate, if a U.S.-based company sells any sort of good or service to customers in Europe, they must also maintain compliance with GDPR.

So far these massive companies have been able to shoulder the fines without impacting their core business, though not every retailer can afford to take a hit from mismanaging their data. But what’s at the core of retailers’ inability to keep track of customer information?

The answer is, unfortunately, not an easy pill to swallow. In their efforts to understand data privacy regulations and maintain compliance, it’s become clear that a large number of retailers simply don’t know the true whereabouts of their customers’ data, never mind how that data is being used. In order to meet regulations, understand how the data is used and be able to provide customers with their personal data when requested, retailers must first understand all the places that data exists.

It’s a complicated problem. Customer data is often hidden across dozens of applications and databases that exist within a retailer’s back office system, and if you’re a retailer who works within a network or chain of other stores, that number can increase exponentially. The problem doesn’t stop there. Customer data isn’t static; in a retail environment, this data can move between any number of internal and external stakeholders. From the point of sale and payment, to order processing and fulfillment, customer data can be exchanged any number of times across multiple organizations within a single retailer’s ecosystem.

So it’s no surprise that even the world’s biggest retailers have struggled to maintain compliance with these new data security mandates. These underlying data issues have plagued retailers for years, and even now there is a lack of understanding when it comes to existing data processes. Retailers, whether running on an e-commerce or brick-and-mortar business model, or some combination of both, need a clear understanding of their ecosystem’s integration points and the flow of data between each player. Only then can they fully understand the level of control that’s required to avoid data breaches, thus avoiding costly fines and a hit to their reputation that’ll leave them in dire straits.

For reprint and licensing requests for this article, click here.
GDPR Data warehouses Risk Retailers Payment processing ISO and agent