Sep 30, 2021 | 7 minute read
written by Jeffrey Wright
Editor's Note: This post was originally published April 4th, 2018 and has been updated to reflect the current state of GDPR and other data privacy regulations impacting eCommerce in 2021.
Almost every online activity generates data that can be collected, stored, and shared. Shopping online, interacting with social media, installing mobile apps – all these actions leave a trail of data used to identify people.
That information has value on the dark web, making cybercrime a big business. Storing and securing data was largely unregulated until 2018, when GDPR took effect. Since then, 12 countries and a growing number of US states have jumped on board with their own versions of GDPR, as either new laws or addenda to previous laws.
These “rules” provide a legal line that companies transacting with customers online can use to operate, but is just meeting those government-mandated requirements enough? Even though companies are doing more to protect data, a recent STATISTS study shows an exponential increase in data breaches since 2005. The chart below highlights the rapidly growing risk of businesses being hacked and exposing their customers’ personal data, and this risk is not going away just because of government regulation.
Annual number of data breaches and exposed records in the United States from 2005 to 2020. Source: STATISTS
Companies with an eCommerce site need to make sure they stay compliant to avoid major fines, which is getting more complex in a borderless online market. They also need to be more transparent and responsive with customers when it comes to gathering, using, and protecting their personal data in order to create trust and loyalty. Without trust, it will be hard to grow your business online.
Under GDPR, companies have been facing potential fines of up to €20 million or 4% of global revenues, whichever is greater. While all companies are vulnerable, those with poor data-protection practices or those that incur data breaches due to their own negligence are particularly exposed. GDPR Enforcement Tracker has been tracking these fines, and through September 2021 there have been 778 fines levied, totaling €1,277,329,802. Below are the top 5 as reported by the site. Recognize any of the brands?
GDPR is having sweeping implications around the world, and Europe isn’t the only geography bolstering data protection laws. While we could not find exact figures on how much has been invested to date, IIAP and EY reported that GDPR is costing companies an estimated $9 Billion to stay compliant.
Image Credit: Forbes
With draconian fines a real possibility, this investment looks almost economical. However, fines are only part of the potential damage done by failure to comply. Loss of consumer trust and loyalty can be even more devastating, even for companies that do not need to be GDPR compliant. According to a survey by OnePoll, “86% of 2,000 respondents stated that they were ‘not at all likely’ or ‘not very likely’ to do business with an organization that had suffered a data breach involving credit or debit card details.”
So why does this cost so much? Think of the GDPR as a kind of consumer bill of rights governing data use. Under it, consumers have a variety of rights:
To fulfill the above obligations, companies needed to invest in centralizing and securing data from what were likely hundreds of systems and data sources. They also needed to hire highly skilled professionals to deploy, manage and be accountable for the data, systems, protocols, and communications needed to prove compliance and create buyer trust.
For context, when consulting for a Fortune 500 client back in 2010, pre-GDPR, and focusing on just marketing and sales technologies to drive a Customer360 data project, we found over 250 independent databases with over 10 million records we wanted to use for just direct communication strategies using email at the time.
Due to budgets, we focused on less than 10 data sources to get an MVP POC off the ground, and that scope alone cost over $1 Million in budget.
Investing in better customer data and security practice is not just to avoid government fines. As the post-pandemic global economy continues to expand digitally, gaining trust online is going to be one of the most important competitive differentiators companies can invest in. Companies that prove they are trustworthy and responsive to customer concerns about their data will rise above the fray and make it easier for customers to transact online.
This trust will also have a knock-on effect, as it will limit the inquiries by anxious customers that lead to the investigations and fines being levied by governments around the world.
According to Deloitte’s 2019 US retail privacy study, when consumers trust a retailer and are satisfied with their privacy policies, consumers are more likely to be open or neutral about sharing personal data (73 percent) compared to those who are dissatisfied or unaware (57 percent). That difference in trust can have a huge impact on generating online revenue from eCommerce.
The study went on to highlight a gap in customer perception of what their data is used for and what sellers are doing with data and why they gather it. The study reported that most consumers still believe the main purpose of data gathering by retailers is to share data with third parties or sell it to outside buyers.
However, retail executives in the survey “indicated the top three uses of consumer data is for increasing efficiencies in operations, improving product selection, and enhancing in-store services or experiences.” While the sellers are focused on better buying experiences, it won’t matter if the customer thinks it is all just a trick to resell and profit from their personal information.
This means the onus is on the seller to earn buyer trust through better communications, information, and experiences that show they can be trusted.
Ask yourself, is your current eCommerce solution helping you do that?
More information about the requirements and the impact of GDPR can be found by visiting www.gdpr.eu. To learn more about Elastic Path’s trust program focused on Security, Stability and Scalability, visit our trust page at https://www.elasticpath.com/product/trust.
In the case of the GDPR, ignorance is anything but bliss.