How secure is your customer data as GDPR deadline looms?

Data privacy is a hot topic particularly after Facebook’s shock admission that it had improperly shared information on up to 87m users.

And it’s going to get hotter, especially in Europe, where a new piece of legislation, the General Data Protection Regulation, comes in to effect on May 25.

It is not just online giants like Facebook and Amazon that are concerned about the implications of GDPR. Retailers and indeed all businesses that collect customer data will be affected by the new legislation, which lays down strict rules on how businesses collect and use personal information.

We live in a digital world yet most consumers do not realize the economic value of their personal information – names, email addresses, phone numbers, and also internet browsing habits collected by website cookies.

GDPR aims to make it more difficult for companies to get this type of information without first obtaining the customer’s consent, while making it easier for customers to review or indeed delete the personal information that company holds on them.

Openbravo has always been very concerned about ensuring the privacy of all personal data that we process.  We are committed to adhering to all the privacy and data security requirements of GDPR as a company, and we aim to support our customers to apply GDPR requirements so that they too can become compliant.

To confirm our compliance with GDPR new requirements, Openbravo has implemented internal policies to protect data which is controlled by us from any unconsented access, accidental loss or destruction.

How will GDPR affect retailers?  

Any retailer that collects data on its customers will need to review the processes it uses to obtain that data and ensure they comply with the requirements of the new law.

So when a customer signs up for a loyalty card, takes part in a promotion, or simply visits your website, you will need to ensure that the data collected is secured against accidental or deliberate misuse.

The retail sector has suffered its fair share of embarrassing incidents involving data breaches recently.  Last month, US apparel retail HudsonsBay, which owns the Saks Fifth Avenue and Lord & Taylor stores, admitted cybercriminals had stolen customer data on 5m payment cards.

Sportswear leader Under Armour announced that a data breach affecting 150m users of its MyFitnessPal app.

Clearly, it is difficult for a retailer — or any other business — to defend itself from a deliberate cyber-attack. But data privacy is about much more than securing IT systems against hackers.

Privacy should be an integral part of relationship that a retailer has with its customers and it needs to be proactively enforced. Otherwise, the retailer risks not just possible hefty fines for breaching legislation such as GDPR, but it risks losing something of even greater value — customer loyalty.