The General Data Protection Regulation (GDPR) comes into force this Friday (25 May). Menswear designer Simon Carter, founder of the eponymous brand, recaps what retailers need to know about the wide-ranging legislation and explains why GDPR could be as much an opportunity as it is an imposition.
I was at a Drapers dinner late last year when the subject of the new data protection laws first came up. Like many round the table, it was news to me, and at first sounded suspiciously like a remnant of the former Soviet Union. One of the other guests was a solicitor, and he seemed particularly gleeful at the introduction of this new piece of pervasive legislation.
“No one will be prepared and everyone will need experts!” he said, licking his lips with a gleam in his eye.
The deadline is now upon us and the new legislation, known as GDPR, comes into effect this week. GDPR stands for General Data Protection Regulation, not, as we have christened it internally, God Damn Pain in the Rear. It is a European regulation, not a directive, which means it is binding legislation that must be applied across all of the European Union. Because the UK is part of the EU on the day the legislation comes into effect, we need to comply, despite Brexit being on the horizon. It will also still be with us after Brexit, as UK companies continuing to do business with EU countries will need to follow its requirements.
The main aim of the legislation is to bring in a new set of “digital rights” for EU citizens. It has Big Data squarely in its sights, but, as is so often the way, there are many unintended consequences. Probably the biggest issue for retailers and brands is customer databases. Before GDPR, it was fine to use a default opt-in to add customers, but under the new rules, your customer must actively opt in. Further, you must clearly state what you will use the data for, and the customer must opt in for each of those criteria. This means that your old database is more than likely redundant and you’ll need to have contacted all your existing customers to ask them to actively opt in. Sounds like a headache? It is. That’s why customers are being bombarded with emails saying: “We want to stay in touch with you but you’ll need to follow this link, complete the form and return it.”
Yes, GDPR is a big deal and will have wide-reaching implications for the way retailers hold and process customer data. But it will also force all of us to sharpen up our acts. At Simon Carter, we’ve used GDPR as a great incentive for good data housekeeping. The shredding truck arrived last week and all departments have been tasked with clearing data that isn’t needed or covered by GDPR. It is surprising how much we keep, but now we’re becoming much more effective and focused on acquiring and using data in the most effective way possible.
Personally, I cannot understand why there hasn’t been more government messaging around GDPR to help prepare businesses for the upcoming changes. It makes the workplace pension regulations – which required that all employers offer a workplace pension by February this year – look like a drop in the red tape ocean. And this is not something retailers can ignore. The fines for non-compliance are potentially crippling – a maximum of €20m (£17.8m) or 4% of annual global turnover, whichever is greater. You have been warned.