GDPR Update: a consumer product and retail perspective
Truly enabling your customer
This blog will provide guidance on some of the specific elements that should be taken into account when implementing the GDPR in the consumer products and retail sector.
By Richard Spoelstra (Deloitte NL), Christian Wernberg-Tougaard (Deloitte DK) and Thomas Tzieropoulos (Deloitte DK)
The consumer and retail industry is – beside governments – one of the industries that process the most personal data. This is why knowing the regulation and its impact is tremendously important. Implementing the GDPR is not only about compliance, not only about it-security, but is essentially about changing the culture – to become an organisation that asks questions like: ‘Why do we collect these data?’, and ‘Do we have a legal base to do so?’, in order to embrace privacy and protection of data. Furthermore, companies in the consumer products and retail business must maintain a high level of trust with their consumer base to retain brand loyalty – something that can be severely impacted by a privacy data breach.
Privacy email alert
Receive the latest Privacy insights.
Knowing your customer
To gain and keep this trust from your customers– and by in large because data privacy is about protecting the individual – you need first to understand your customer. Questions you will need to ask are not all that different from those your marketing department asks: “Who is my customer?”, “What message do I want to convey to my customer?” and “What does my customer expect of me?”
Only by asking these and similar questions will your organisation get an idea of what your data privacy objectives are going to look like. Why? Because the GDPR, a risk based legislation, requires you to look at risk from an individual’s perspective. This, unlike other risk based domains such as that of information security, which are mostly approached from an organisational risk perspective. As such, the GDPR requires you to adopt a different way of thinking.
Data privacy will be different for each organisation and even within your organisation for each channel, country, and region in which you operate. Customer centricity will therefore require you to know not just your business and your target group, but also the regional nuances and what data privacy means within that context. What is essential to protect in the Netherlands is not necessarily the same as that in Poland.
Because each customer group, and in some way each customer, is different; a customer centric data privacy approach will also be different for each organisation. Requiring a different level of effort and for each organisation to face their own unique set of challenges. How to approach privacy when you have an online business selling tickets for local jazz concerts will be entirely different from designing a customer centric data privacy program for an international brick-and-mortar retail chain. While this seems straightforward it happens all too often that a one size fits all solution is chosen.
In the end to be really customer centric, data privacy will have to be seamlessly integrated within the service you offer. Your customer should not be aware of the measures you are taking to protect the data. This will feel counterintuitive, because data protection revolves largely around being transparent. But it shouldn’t be counterintuitive. You should still be transparent about how your organisation uses personal data. At the same time, your organisation should be designed in such a way that everything you do to protect data feels right to the customer.
What does this mean for your business?
To achieve this, and to go from a regulatory focused privacy approach to a customer focused privacy approach the way you approach privacy will need to change. The ownership and the design of privacy should shift to your operational departments. Instead of telling your departments that they need to do something a certain way, the approach taken should instead reflect an environment where you are assisting them in creating a better product.
Regulatory focused privacy is about showing compliance. It involves policies and procedures. Customer focused privacy takes this and makes it work for your organisation. It is about setting your organisation up to win and in the end, most importantly, about truly enabling your customer.
For more information about GDPR, please contact Annika Sponselee or Nicole Vreeman via the contact details below.
How are organisations facing the challenge of complying with the GDPR?
How will international data transfers be impacted by the GDPR?