As GDPR Deadline Looms, Retailers Must Secure Consent To Access Personal Data

Consumer data has always been a key part of retailers’ marketing toolkits. However, with the General Data Protection Regulation (GDPR) rules going into effect on May 25, 2018, companies are at risk of losing access to portions of this consumer data, forcing them to pivot the way they market to customers.

During a recent webinar hosted by Gigya, titled: GDPR — The End Of Marketing As We Know It, and Why That’s a Good Thing, Doc Searls, the author of The Intention Economy and co-author of The Cluetrain Manifesto, and Rashmi Vittal, VP of Product Marketing at Gigya, explained:

  • The expected impacts of GDPR, and how retailers can prepare for the regulations;
  • The ways consumers are poised to regain control of their personal information, and why that could ultimately be a good thing for businesses; and
  • How retailers can gain consumer trust and consent when collecting their personal data.

What Is GDPR?

In April 2016, the European Union (EU) adopted The General Data Protection Regulation (GDPR), a new set of business rules and regulations designed to protect the individual rights of European citizens, including rights in relation to data access, automated decision making, profiling and the right of the consumer to restrict processing. 


The GDPR doesn’t only affect the EU; the regulations apply to any business that transacts with European citizens, including American companies and retailers. However, not all organizations are prepared to comply with the new GDPR regulations, which could involve potentially drastic changes to their marketing tactics.

According to a recent poll from Openprise, only 43% of marketing and sales reps are aware of GDPR, and only 49% of companies have a plan for complying with the new regulations. Additionally, a study from WatchGuard Technologies revealed that more than 30% of organizations don’t know whether or not their company needs to comply with GDPR.

Key Steps Retailers Must Take Before GDPR Goes Into Effect

Retailers still have time to implement a GDPR compliance plan and educate themselves on adapting to the regulations. Searls and Vittal indicated that the GDPR will require businesses to:

  • Support individual rights as a part of data processing and storage;
  • Secure consent and proof of consent from consumers;
  • Hire a Data Protection Officer (DPO) to monitor internal compliance; and
  • Notify consumers of all data breaches.

Retailers that don’t comply with these new rules and regulations are at risk of receiving penalties of up to 20 million euros, or 4% of annual revenue or turnover (whichever is greater).

Retailers Must Prove They Have Consent To Access Consumer Data

When asked about the hurdles organizations will face with GDPR implementation, Searls stated, “The biggest one and the one that’s being talked least about, is the simple fact that power is shifting away from organizations and to individuals.”

 Consumers will have more control over the usage and sharing of their personal data after the GDPR goes into effect. With this shift in power, consumers will need to normalize the concept of control over their personal data and decide what data they want companies to use.

“GDPR really requires you to have the burden of proof that consent was obtained in a correct and explicit manner,” said Vittal. “Today, organizations have a problem proving that they actually captured that consent.”

To cooperate with this power shift, retailers will need to not simply garner consent from consumers. They will need to prove that this consent was obtained in a correct and explicit manner. This means these businesses must make it a priority to track and monitor consent, ensuring that it’s done properly.

With these new initiatives, retailers must give consumers control over:

Profile data, likes and interests in a single place;

Marketing communications they’ve signed up for across brands, products and interests;

Contact info (email, SMS, phone); and

Preferred frequency of contact (daily, weekly, monthly).

Retailers also must create preference centers that give consumers direct access to their profile and preferred options of consent. 

Offer Value For Consumer Data

Beyond the need to comply with regulations, retailers should shift their focus to survive in this empowered-consumer environment. For consumers to willingly share their data with companies, they need to be in control of it first, according to Vittal. Consumers will only share personal data if companies are transparent about how they are using their data.

Additionally, many consumers want some kind of value in exchange for their personal data. Items of value could include loyalty program points or even a promise that ads directed at the customer will be more targeted to his or her interests.

Searls noted that retailers using consent-given data can personalize their marketing tactics, marketing to the customer about products or services they actually might want rather than using “spray and pray” tactics or employing guesswork.

Featured Event

Join the retail community as we come together for three days of strategic sessions, meaningful off-site networking events and interactive learning experiences.



Access The Media Kit


Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below: