Ecommerce runs on data. In fact, data is now such a vital part of business that its value has been likened to the ‘new oil’. With the rise of Customer Data Platforms (CDPs) and the well-established practice of using CRM, EDM and BPA systems to run businesses – not to mention the drive for personalisation – means that all retailers now drill for data at every opportunity. But with all that data comes great responsibility. And even before Brexit has had a chance to bite – Europe is going to make you work for that data.
The EU’s General Data Protection Regulation (GDPR), which comes in to force on 25th May 2018, aims to extend the rights of individuals to own their own data and any business handling that data must keep it secure. And any eCommerce business must start preparing for what it means right now.
What is the GDPR?
But first of all, what is it? The basic premise of the GDPR is to make it more transparent for consumers to see what data a company has on them, as well as introducing a new fines regime for those that breach it. The idea is to protect consumers from brands that may misuse their data, but also to help them manage how the data that they may allow to be stored is actually put to use.
If you are wondering if you will be impacted by the new legislation which comes into force on 25th May 2018, ask yourself if you are already subject to the existing 1995 Data Protection Act. If you are, the GDPR will impact you.
Why is it different to ePrivacy?
The EU’s ePrivacy regulation has been published to broaden the scope of the current ePrivacy Directive and align the various online privacy rules that exist across EU member states. ePrivacy takes on board all definitions of privacy and data that were introduced within the GDPR, and acts to clarify and enhance it. In particular, the areas of unsolicited marketing, cookies and confidentiality are covered in a more specific context.
ePrivacy rules cover all those other things that retailers do, allowing consumers to turn off cookies and to insist that companies including Gmail, Skype, Facebook Messenger and WhatsApp are now required to provide the same level of customer data safety as ‘traditional’ telecoms companies, such as BT.
GDPR and ePrivacy have been drawn up to protect two vital Articles of the European Charter of Human Rights: GDPR for Article 8 on protecting personal data and ePrivacy on Article 7 on protecting a person’s private life.
Here we will focus on the impact of GDPR on your eCommerce business, as it has some profound impacts. We shall save ePrivacy for another article.
How will it impact your business?
GDPR will not only require companies to pull together data so consumers can easily see what data about them is stored and where, but it will also give consumers greater access to the data. At present a Subject Access Request (SAR) allows the brand or data ‘owner’ to charge consumers £10 to access the data. This is being scrapped.
Under GDPR, when someone asks a business for their data, they must stump up the information within one month. Everyone will have the right to get confirmation that an organisation has information about them, access to this information and any other supplementary information.
And it will have an impact. A study by OnePoll in the UK found that almost half of UK consumers plan to exercise their new rights over their data when GDPR comes into force. It questioned 2,000 UK consumers between May 24th and 26th 2017, and found that 48% planned to wield their new rights over personal data. A third (33%) said they would exercise the right to have their data removed by retailers, while 33% would ask retailers and brands to stop using their data for marketing purposes.
Almost one in five (17%) said they would challenge automated decisions made by retailers and 24% said they would access the data that retail companies hold about them.
What do you need to do?
The key thing that GDPR means for eCommerce businesses is that they have to present a single view of the customer. While this has long been chased by marketing departments across retail, GDPR is going to force it to happen.
As your IT department and marketing chief will attest, this is easier said than done. Huge amounts of different data, in different formats lives in different silos across your company, often gathered in different ways through the growing number of channels that your customers interact with you on.
The issues if complicated further by many etailers using third parties for operations such as payments, fulfilment and more. All this data now has to be gathered too and, if a consumer wants it, they need to see it. In fact, they need to be able to see all that you have on them.
So your major task is to gather all this data together into one place. This Herculean task is going to, in most cases, need help. There are a wealth of third party companies out there that can assist.
Those that offer CDP technology are your best bet. These companies can create the IT to pull all the data you have together and make a useful picture from it. Such companies approach data and the customer in a different way to most; They look at the customer and then create – and update – all the data around them.
While this is a cost, the ROI is exceptionally quick. Not only does it mean you can at a stroke meet your GDPR requirements, but also it revolutionises your marketing, allowing you to personalise at scale which leads to well documented leaps in conversion. Take a read of this.
What else can you do?
While gathering and storing all that data in an easy to access and use fashion, there are many other things you need to do to meet these new regulations. First of all you need to deactivate all default opt-ins you might have in place. Customers will need to give explicit consent. This means any pre-checked consent boxes do not count as a valid indication of consent.
Related to this, all organisations in this chain will need to ensure they protect personal data, and the data subject will need to give explicit consent to hand over this data. Data subjects can also withdraw data at any time, which means eCommerce stores should think about any auto-renewals or subscription payments, and how that will work going forwards. In fact, you will need to keep detailed records of as many consents as possible. This includes what it was that was consented to, and what the method was that a data subject used for consent.
Access to the data
As well as gaining a single view of the customer and tidying up – and maintaining that tidiness – are the paramount actions right now for any business, you need to also be ready for customers when they start wanting access to their data.
You also need to be ready for informing them if there is ever a data breach as well. Scary stuff.
You will need to make sure they offer any data for download where possible, and without any unnecessary delays and you will need to be able to provide full visibility across your business, as you will need to be able to detect problems in order to fix them.
If there is a problem, such as a data breach, you will have to inform your customers within 72 hours, so you need to be ready to not only detect data breaches, but be able to pull together what you need and tell them, ASAP.
To do this you must not only prepare your data, but you have to war-game such scenarios – regularly – to make sure you are on top of it.
What if you don’t?
The stakes are high. Your data is not only the life blood of your business, but not complying with GDPR is going to be costly. If you are found to be in breach of the new GDPR guidelines, you may be fined up to 4% of your turnover, or €20 million. Whichever is bigger. This is, of course, enough to shut down most companies, so you have to comply.
So, while the task may seem daunting and potentially a costly IT project, not doing so is going to put you under.
On the upside, complying will keep you in business, but will put you in the position of having a single view of the customer, which will leave you ready for the drive to ever greater personalisation and place you ready to adopt tomorrow’s marketing technologies such as machine learning and artificial intelligence. Good luck.
About Parcelhub – The bespoke parcel shipping solution.
Parcelhub is a multi-carrier shipping and eCommerce customer services solution. Flexible and scalable, it integrates seamlessly with order management systems, providing hundreds of multichannel retailers, global brands and wholesalers with one access point to many of the largest UK and international parcel carriers.
Multi-channel eCommerce platforms are easily integrated and dedicated proactive parcel management comes as standard.
Distributing more than 6 million parcels on its own carrier contracts every year, Parcelhub’s free multi-carrier shipping software grants hundreds of national and global businesses access to ‘pooled volume’ discounted rates from its carefully selected range of carrier partners, including: Yodel, Hermes, DPD, UK Mail, DHL, Whistl, UPS, DX, Parcelforce, CollectPlus, SkyNet, ArrowXL, Interpost, Panther Logistics, Direct Link and Palletforce.