How GDPR and changes in ePrivacy will impact multichannel eCommerce retailers
Expert article by Matthew Parker, Print and Procurement
On 25th May 2018, the data landscape will change
That is the date when GDPR legislation will apply throughout the EU. There will also be changes to the existing ePrivacy rules. These aren’t tweaks: these are major changes in the way that you manage your customer data. Compliance will certainly become more onerous.
The rules have not yet been finalised. However, it’s important that you start planning how you will implement them. The draft consultations give companies a good idea of what to expect.
What is GDPR?
The General Data Protection Regulation is a set of regulations that cover how companies and organisations throughout the EU capture, process and hold personal information. It is scheduled to come into force on May 25th 2018. On the same date the existing ePrivacy laws will also be updated.
It is important to note that, after Brexit, the UK will adopt a very similar set of legislation. In addition, both sets of regulations apply to the country of receipt. So, if you deal with any marketing that goes to EU countries you will still have to be fully GDPR and ePrivacy compliant.
Here are some of the key elements of GDPR that eCommerce retailers should be aware of
– Data privacy will take on a wider scope. Data protection and user consent will also now apply to channels such as Skype, Messenger or WhatsApp as well as social media platforms that use messaging such as Facebook and Instagram.
– All B2C one-to-one communication on any channel will now require an opt-in. Silence does not equal an opt-in. Nor does having had a previous interaction with a customer.
– If your marketing is aimed at children under the age of 16, you will need to gain parental consent to process their child’s data.
– The traditional definition of personal data will change. It will now be much broader and include factors such as social, cultural and economic data.
– These regulations will apply to all companies managing the data, even if they are based outside the EU. Your data providers and data storage suppliers will also need to comply with the new rulings.
– There will be a higher level of requirement to report data breaches.
– Data subjects (i.e. your customers) will be able to request a copy of the data that you hold for them. They also have the right to be forgotten, so you must be able to delete their data from your systems.
– You will need to work on the principle of discarding as much data as possible. Data should not be kept unless there is a clear ongoing use for it.
What should eCommerce retailers do now?
– Firstly, appoint someone to manage getting ready for GDPR. This won’t be a full-time role. However, this change does require some project management. Make sure that they report to an appropriate level in your company and that everyone knows the importance of the new legislation.
– Next, make sure that you are aware of all the details of the new rules. A good place to start is the Information Commissioner’s Office (ICO), which has regular updates, blogs and action checklists. Note that the final guidelines have yet to be agreed and this won’t take place until December. However, it is worth preparing now using the draft guidelines provided by the ICO.
– Thirdly, create an action list of areas that your company will need to review. The next section of this article contains some specific eCommerce retail action points.
Here are some specific issues that eCommerce retailers should look at
– Review your data consent systems. You will now need to cover more channels. You will also need to review your systems if you market to children under the age of 16.
– Review how you handle individual records. How will you manage a request by an individual for their personal data? How would you action someone’s right to be forgotten? Will you or your data suppliers be responsible for this?
– Review your storage of data. Is there data that should be discarded earlier in your processes? Are you holding on to data that you no longer need?
– Review where your data is held. If you use off-site or cloud storage, your suppliers will need to be GDPR compliant. Overseas suppliers will need to be GDPR and ePrivacy compliant. You may need to revise contracts, service level agreements and workflow processes.
– Review your own data security. You may wish to consider working towards implementing ISO27001, the international information security standard.
Time is running out!
According to the DMA, only 54% of businesses are on track to be ready for GDPR implementation. 24% of businesses do not even have a plan yet! Remember, you cannot afford to be one of the 24%.
GDPR will be introduced on 25th May 2018. Make sure you are ready for it.