Why should you care about the new GDPR regulations taking effect later this month? After all, the General Data Protection Regulation only governs consumers’ private information in the EU (European Union). But in our global economy, chances are good that you will be dealing with a European vendor or customer in the future. My inbox has already received a number of emails from companies updating their policies to be in line with this comprehensive new privacy law.

The purpose of the GDPR is to make sure that customers can control their own data. According to Martech Today, “The GDPR operates with an understanding that data collection and processing provides the basic engine that most businesses run on, but it unapologetically strives to protect that data every step of the way while giving the consumer ultimate control over what happens to it.”

One way that GDPR might impact your small business is if you collect addresses to use for email blasts. GDPR forbids using an address without express permission to do so. You cannot, for example, add a customer’s email to your list just because they placed an online order with you. The Canada Anti-Spam Law (CASL) also addresses this issue, stipulating that consumers must consent to being added to an email list, and requiring that you offer a way to unsubscribe. GDPR specifies that you must also be prepared to erase a customer’s data, such as their purchase history, upon request.

The next issue covered by GDPR is the requirement that customer data such as credit card numbers and other personal information be stored securely. Take a moment to think about who has access to your store computer. Do you have any sensitive data password protected? If someone gets hold of your customer’s private information, this data breach can be serious. And if it does happen, GDPR gives you just 72 hours to report it.

It is true that GDPR is mostly intended to protect individuals from the risk of information being leaked by large companies and organizations. But it is in the interest of every good business, large and small, to respect the trust that our customers have in us by treating their personal information with care. A good place to start is the Guide to the GDPR from the UK’s Information Commissioner’s Office, which offers a free Data Protection Self Assessment Toolkit.

Happy Retailing,

Carol “Orange” Schroeder