With the coming of the digital age, customer data and business insights have become widely available for online retailers thanks to three forces:
1. It is easier to collect large amounts of customer information across various customer touch points
2. The cost of implementing and collecting information has reduced substantially
3. AI has helped draw deeper and more valuable customer insights from big data. Automated marketing tools also help online retailers deliver personalized experiences at scale
However, consumers have become increasingly concerned about the security of their personally identifiable information, though that is about to change. Businesses have likely heard of the new data protection regulations for the EU called the GDPR and have some knowledge of its content. Personal data is becoming a key competitive commodity for businesses in the digital economy, and it is from this context that the regulations were conceived.
For Southeast Asian businesses doing business with EU customers, this creates a whole new environment that organizations need to adapt with. It’s impact doesn’t just stop at creating new rules that requires organizations to follow, as the GDPR also creates a very compelling and valuable guideline for organizations that allows them to take full advantage of customer data while maintaining a transparent healthy relationship with their customers.
What is the GDPR?
The General Data Protection Regulation, or the ‘GDPR’, is a new set of regulations introduced by the European Union (EU) that are set to come into place on 25th May 2018. The biggest focus of the GDPR regards the privacy of EU citizens, especially in relation to their personal data online. While focussing specifically at EU citizens, the new regulations extend to all foreign companies that are involved in processing data of EU residents, greatly expanding its scope to a global scale. Entities which fail to comply with the regulations face up to 4% of annual global turnover or €20 Million, whichever is higher. Hybris has created a checklist for GDPR compliance, which provides a quick overview of what areas need to be updated to align with the regulations.
The main bulk of the new regulations address the rights of the data subject:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• The right not to be subject to automated decision-making including profiling
This doesn’t necessarily have to be all bad news. For online businesses, the guidelines can be viewed as an opportunity to take full advantage of customer data in the digital age.
GDPR in Ecommerce
Customer data is an incredibly rich source of information and a key competitive advantage – especially so for online retailers. This data is derived from a number of different attributes and behaviors, collected through means such as web tracking tools, email subscriptions, customer account details, beacons and GPS enabled applications, all of which provide insight into the personality of the customer and, ultimately, how they shop.
Online retailers rely heavily on customer data to draw insights that can make a product or service better, facilitate targeted marketing or advertising, and generate more revenue through cross-sales and up-sales. Due to this, it may be necessary for significant changes to the way data is managed in the industry, lest companies get caught out and faced with significant fines.
Building Trust and Transparency with the Customer
The emphasis has been placed on ‘citizen control’, bringing power back to the individual by allowing them access to, and control of, how and where their data is used. The regulation requires entities to not just inform customers whenever they collect their data but to also explicitly tell them about how this data is going to be used. Companies also need to inform customers of any changes in the way they process customer data before they can actually implement it. This is where a big data approach would face problems.
Being transparent about how sensitive data will be used would not hold customers back from giving their information, but would rather give them greater confidence to put the trust into businesses which comply with the regulation. The opportunity to forge closer relationships will become much easier with the added level of consent and transparency. With the new accountability and opt in systems, businesses can be sure that their customers trust their brand and are happy to receive these services and features.
Alongside this, the customers also gain new powers over how their data is processed. For example, they can refuse to be subject of any machine judgment of profiling and have right to be judge under human convention. This healthy, mutually beneficial relationship is the key to boosting the effectiveness of business strategies based on customer data and building customer loyalty.
Building a Complete View of Customers
Being well informed about what personal data they are giving to the company, customers tend to have greater confidence in giving more information, expecting more from businesses with better services, better personalized experience and customer support.
This makes it extremely important to design the overall experience with a mindset that places the customer at the centre of every business activity. The best way for businesses to improve the customer experience on their website is to focus on building a more complete profile of their customers that will allow them to make more informed, data-driven decisions.
Popular customer experience platforms such as Sitecore have been allowing businesses to collect and present a complete view of their customers across channels while remaining compliant with the GDPR regulations, including support for pseudonymization of data, the ability to recognize and treat data as sensitive, depending on the needs and configuration of the business. Their capability to deliver targeted marketing campaigns based on customer segmentation has proven its effectiveness and has helped businesses offer the right products and better support customers, building the way to a successful long term relationship.
Transform Data into Actionable Insight
The implementation of the regulations present the perfect opportunity and, in some cases, excuse for businesses to invest into rebuilding and renewing their data strategy and data management systems.
Artificial intelligent technologies are now recognized both by academic researchers and companies for powering highly effective product recommendation engines. One of the largest German jewelry retailers, applied SmartOSC’s artificial intelligence service that allows them to predict user interests after 2 to 3 clicks. The insights are then applied to their product recommendation engine, which has resulted in a 20% increase in the number of recommended products customers add to their cart, bringing in 10% of total product sales to the company.
Artificial intelligence technology doesn’t just utilize the current user’s data, but also leverages on what it has learnt from the industry to make it more effective. Product recommendations are just one way to personalize experiences and optimize sales. Exclusive birthday deals are another way personalization can manifest, drawing from information the customer inputs when signing up to the newsletter or creating an account.
Steering away from big data, this focuses on quality over quantity makes things much easier to manage and, most importantly, use. The change to individualized experiences signals a move away from information towards insight, describing the divorce of raw data from insightful and contextual information. However, special attention should be paid to remain compliant with the regulations with each business requiring a personalized policy, especially for advertising campaigns based on the profiling of customers.
Keeping Data Safe and Secure
Security is another area addressed in the GDPR. Several new security guidelines will need to be implemented to not only comply, but to also build a basis of trust that customer data is safe.
One of the most demanding security regulations in the GDPR regards actions that should be taken in the case of a personal data breach. The businesses need to investigate and report to the supervisory authority within 72 hours, detailing how the incident happened, the size of the incident, the consequence of the data breach and how they are going to deal with it. The rule requires companies to design better security protections as well as a reporting system that can quickly respond in the case of a data breach. The GDPR also outlines new guidelines for pseudonymization and how data should be stored.
Data should be seen as an asset borrowed from the customer, and so needs to be protected effectively to maintain their trust. Treating customer data as an asset that belongs to the customer rather than their own would mean that they have to protect it from breaches and only use it for the informed purpose that has been clearly communicated to their customers.
Ultimately, the GDPR will have a fundamental impact not just ecommerce but the internet as a whole. Companies handling data will need an expert, a Data Protection Officer, to provide advice for properly following all the intricacies it imposes to avoid the significant sanctions that have been put into place. The precedent set by the GDPR has yet to be seen, though it can be expected to greatly influence future data protection laws worldwide. Otherwise, there are potential opportunities it presents that businesses should use to their benefit. The deadline is looming so now is the time to act.