Data and tech governance for the connected retail sector 1: Keep compliant to thrive in an era of digital transformation
The retail sector is embracing digital transformation, with the connected retail market expected to reach more than USD 50 billion by 2022, according to Grand View Research).
An increasing amount of personal data is used for customer intelligence, as well as production and supply chain optimization. IoT (Internet of Things) is driving such growth, as smaller and more efficient retail spaces become “fulfillment centers”, with a wide usage of sensors that create unique customer experiences.
Within this context, adequate data governance is fundamental, not only to manage risks, but also as a market differentiator.
The new European General Data Protection Regulation (GDPR), which takes effect on May 25 2018 provides for a new accountability approach, whereby retailers will have to demonstrate compliance, among other things, with obligations to carry out data protection impact assessments and to implement data protection by design and by default.
This implies that retailers now have to integrate the data governance process with appropriate safeguards, also considering personal data minimization and portability (including data generated through connected devices).
CRMs will have to ensure that all personal data are adequately collected, based on the consents provided by the data subject or the exemptions set out in the GDPR. Data breaches will have to be reported to national authorities (and in certain circumstances individuals), within 72 hours. Given that sanctions under the GDPR can reach up to 4% of global annual turnover, retailers should also consider coverage through data and cyber-insurance policies.
In addition to the above, the new proposal from the EU Commission for e-Privacy Regulation should also be considered. Among other things, this will change the applicable rules regarding cookies, web preferences and online tracking. Although we are still at a preliminary stage, anticipating its requirements through an e-Privacy readiness exercise would give retailers peace of mind regarding EU regulation in the near future.
Digital transformation and the new connected technology environment can be fully optimized through clear understanding and compliance with legal requirements – and when properly addressed will allow retailers to fully reap the benefits, with greater visibility in the marketplace and smoother customer experience.