GDPR The Opportunity for Constant Evolution - Hitachi Solutions
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
GDPR The Opportunity for Constant Evolution 2017
Executive Summary
Modern retail is reliant on data. The faster retailers embrace GDPR regulation as a
catalyst for change, the better. On the face of it, the GDPR may seem like just an annoying
compliance burden. And that’s precisely why many retailers have delayed planning for it. But
if you view the GDPR as an opportunity for change, there is the very real prospect that it will
There is no shortage of stories on the mountain retailers’ must climb to comply with the have a positive impact on your organisation.
General Data Protection Regulation (GDPR). But few (if any) highlight the real opportunity
that GDPR presents as a catalyst for unlocking the value of data. After all, good data A key takeaway of this report is to see how the GDPR is not just a question of compliance
management should be seen as a business enabler, not as a threat. but a platform to generate new business opportunities. So how can retailers turn the
legislation into an opportunity? Here are just some of the benefits that the GDPR offers your
GDPR compels retailers to do things they should be prioritising anyway. Much like cleaning organisation.
out the spare room, GDPR gives retailers a mandate to do something many have been
Clean House
putting off for years. Although initially daunting, if managed correctly, GDPR presents a great
opportunity to optimise the ways retailers interact with their customers.
As David Lockwood, Head of CRM, Boden, tells us: “Let’s look at GDPR as an opportunity to
innovate, rather than a wall we need to climb over.” The GDPR requires that retailers are transparent about how they capture, store and process
customers’ personal data. It also places responsibility on retailers to demonstrate how they
The GDPR deadline is fast approaching – it comes into play in the UK on May 25, 2018. As meet its principles of consent, data privacy and data protection.
Puneeta Mongia, Multichannel Strategist, shares: “It feels like the GDPR has moved from
something very conceptual to something very tangible in the last few months.” As data is such an important asset (and constantly growing), putting robust policies in place
now will not only help retailers comply – it will help them to secure the full benefits of their
While it’s true that retailers will need to put in considerable planning and effort to become data in the best way possible. In this sense, GDPR presents an opportunity for retailers to
GDPR compliant, it’s truer still that the introduction of the GDPR represents a wonderful review their data processes, map the existing flows, analyse their effectiveness and then
opportunity for them to get their marketing in order. Retailers should seize the moment to set restructure them where necessary. Ultimately, GDPR will revamp the way personal data is
out a culture of data confidence among shoppers. To help on this journey, One Connected collected and used.
Community (OCC), Microsoft and Hitachi Solutions joined forces to host 24 leading retailers
at London’s Gherkin for a thought-provoking workshop dedicated to ‘ The GDPR: From As Puneeta Mongia, Multichannel Strategist, says:
burden to opportunity.’ The session explored the key opportunities around:
“This is a hugely positive step forward for retail. A moment for all teams and departments
> A clean house: Data, transparency and addressing heritage systems within the business to sit down and think carefully about what data they need; what they
> Transformation: Improving ways of working want to do with that data; and how they need to configure systems and processes to extract
> Constant evolution: New mind sets, cultures and ambitions (beyond deadline day) that data and use it.
As the GDPR is a real game changer, at the highest level, the workshop represented a “Taking a clean sheet, and then identifying what data you absolutely need; and how it will be
golden opportunity for retailers to share strategic thinking and learning to best position their used feels hugely powerful. It will lead to retailers creating much more value from data than
organisations for success within the new regulations. Here we share the key findings. in the past.”
Introduction
Collectively our group agrees that through greater transparency, they will be able to grow
their customer base, collect more data and monetise it more in the long run (through
developing a culture of trust and confidence). After all, customers are more likely to trust a
retailer who values privacy (beyond mere legal compliance) and is transparent about how
There are some horror stories doing the rounds about GDPR. Since publication of the final their data is used.
ruling by the Information Commissioner’s Office (ICO) last year, the majority of press has
been scaremongering to say the least. Much of it talking about the heavy fines related to So, GDPR means retailers get to overhaul processes to make them more efficient and
non-compliance; up to 4% of annual turnover or €20 million, whichever is greater. But the streamlined; remove people from their database who are of little or no value to them and are
reality is not as brutal as many stories would suggest and the regulation in fact presents a drain in terms of data storage and communication costs; and delete a load of information
significant opportunities for those retailers willing, and able, to seize them. (that is never going to be used) which only adds more complexity to their business.
As Maria Lobato, Data Protection Officer and Commercial Counsel, Mothercare, says: But it is no easy feat. Strategies around data management must be led from the top and
scaled throughout an organisation to ensure everyone understands what they are doing as
“While it’s very important to understand this legislation, GDPR is also a great opportunity for custodians of customer’s personal data (from Head Office to front line staff). The first step is
businesses to bring people together and encourage collaboration.” to ensure that GDPR is prioritised throughout the organisation.
The GDPR presents an opportunity for retailers to review their data processes, map the
existing flows, analyse their effectiveness and then restructure them where necessary.
With cleaner, up-to-date and more relevant data, retailers will experience fewer bounced
emails and ‘unsubscribes’ with direct marketing campaigns. But it requires a mental shift as
marketers traditionally fear throwing-away data.
Many retailers have been worried about deleting contact details, but have then found that
once they did streamline, their marketing became far more effective and added value to the
business. As Debby Hill, Head of CRM, Gala Bingo, shares:
“I’ve found people are reluctant to get rid of data – it serves as a comfort blanket. In a way
it’s quite a scary thing to say: ‘I’ll throw away that data and start again.’
“But the reality is that much of our data has never been used. We are holding onto to it in
case we want to use it in the future – and this creates a culture where colleagues imagine
all kinds of ‘scenarios’ where they ‘might’ need the data. The GDPR provides the catalyst to
really take stock over what data we hold.”
The GDPR forces retailers to assess what data is of genuine value to their business, but
striking a balance is the answer, says Dan Collis, Marketing Database Manager, IKEA:
“On the one hand, you can throw it all and start again; on the other hand, there is the ‘we
need everything mentality.’ My role is coming-up with a balance. It’s mind-boggling how
much data we capture across the business from in-store events to online. So we must decide
an approach at Head Office level and then get that embedded across the wider business
As Luis Azcona, GDPR Programme Manager at a major retailer shares: “The big challenge because (if we don’t) we could fall over at any of those points.”
for us is cultural – changing the mind set of our teams from ‘data is our asset,’ to data is an
asset we are ‘borrowing’ from our valued customers.” That’s absolutely right, says David Lockwood, Head of CRM, Boden:
The journey then starts with mapping your data. Our group emphasise how important it is “Over the last few months, we’ve asked where’s our data and what are we doing with it?
to document what personal data you hold; where it came from; and who you share it with to Then moving from that point; what of that data do we really need? What are we using? And
meet GDPR compliance. what is really valuable after six months? So we’re taking a really analytical approach to
identify what data is valuable and what isn’t.”
In general, data mapping requires comprehensive information gathering from all business
units and a visualisation of the information gathered. As Kris Marshall, Customer Insights In this way, GDPR presents a fantastic opportunity, as Sue Stephenson, Head of Digital
Director, Gala Bingo, tells us: Product Marketing, Westfield, puts it:
“With over 130 bingo clubs, we had data all over the place. But over the last twelve months “In the past we’ve been encouraged to collect as much data as we can, on the basis that
we have centralised all that data onto one platform; strategically placing it in the hands of we’ll use it at some point in the future. Whereas now we can stop collecting every single
people who know what to do with it. Then, over the last six months, we re-designed our data piece of data and challenge the thinking across the entire business.
warehouse and built a data model based on the analytics of what the business needs.”
“We need to put the customer at the heart of our data strategy, by thinking about what data
There are some retailers that are adapting their business model to reduce the amount of we actually need, and how are we going to use it to improve the customer experience.”
data they retain in favour of a more high value approach. As Erdal Enver, Digital Marketing
Manager, Intu, shares: But, as is so often the case, one size rarely fits all. Pre-defined data rules don’t necessarily
translate in all walks of retail, warns our senior figure from a major department store:
“We looked to clean-up our data based on strict rules around what we want and what we
don’t. But, due to the huge flurry of incoming data, by the time we had cleaned some of it; it “For us, the importance of data is all around customer relationships; and really getting to
looked like nothing had changed. know our customers. That information is held in black books. So you might be able to set
rules, but getting everyone to adhere to them is very different. You could put a rigid set of
“So we identified where data was coming from and embarked on a journey to stop certain rules in place, but will they really work in practise?”
things happening. We stopped some automatic data flows, but also questioned everything
around data capture to instil a mentality of ‘why’ within the wider team. Educating all the
team on what is right to collect; why we are collecting it and how long we want to hold it for.”
A senior figure (who shall remain anonymous) from a major department, agrees, but says it’s
not so straightforward.
“We must all ask what data we need as a business; and what we want to do with it. But trying
to get everyone within the organisation aligned with that ahead of May next year will be
difficult. So it then comes down to; what data do we hold and what do we cull?”
The Arcadia Group – with its beloved high street brands including Topshop, Wallis and Miss Above and beyond having a robust training plan, it is vital that the approach reflects the
Selfridge – face a similar dilemma, adds Cherry Pinches, Global Legal Compliance and Data brand, adds Kate Hamer, Senior Group Loyalty and Marketing Manager, Mothercare:
Protection Officer, Arcadia Group:
“You must find a solution that fits with the company culture. If it doesn’t, and people within
“We have personal shoppers who are responsible for building in depth profiles around key the business can’t picture it, they’ll just find work arounds, and continue in old habits
customers. So, we’re now looking at new ways to still capture that data and use it (because anyway.”
our customers are happy for us to do so), but with systems that do it in a more secure way.”
I fully agree, adds Cherry Pinches, Global Legal Compliance and Data Protection Officer,
The good news for retailers is that technology exists to help them meet the challenges Arcadia Group:
of capturing and migrating data, while keeping it secure as they work towards GDPR
compliance. “Training is absolutely crucial – we have hundreds of stores and hundreds of opportunities
for an employee to interact with a customer in the incorrect way, or collect data off their own
It all comes back to looking at the GDPR as an opportunity, says Puneeta Mongia, back because they believe it might be helpful.”
Multichannel Strategist:
So what have we learned? Ultimately, it’s about strategically deciding what data is valuable
“Let’s explore how we can serve our customers’ way better than we have ever served them to you; how you will go about asking for customer consent; how and where you will store
before using new systems.” it; and then ensuring that everyone within the business adopts a more customer centric
approach to data management. Not only ahead of deadline day, but beyond it (as these
Updating your technology is not the end of the story. Beyond getting your data in one place changes must be seen as the ‘new normal’ and a constant evolution).
and updating necessary heritage systems, the next crucial step is governance, says Michel
Koch, CMO, Time Inc.: Perhaps Luis Azcona, GDPR Programme Manager at a major retailer puts it best:
“You must make sure people don’t mess around with the data processes. You want to ensure “You need the correct technology and correct training, but even more challenging is changing
to put some checks in place so that any marketing project involving customer data goes the culture – and that is always going to be a high risk area.”
through a validation process that is not only about the copy or imagery, but also the rationale
around using specific sets of customer data and whether or not it relevant and adds value to And culture cannot be changed overnight. So while it is a sobering thought, the reality is very
the customer, and there is an ROI attached.” few retailers will be ready in time. As Michel Koch, CMO, Time Inc. warns:
But even with the best systems and governance in the world, there will always be a risk, “Like Brexit, no one is going to be ready by deadline day. So, focus on what you can do now;
warns Kate Hamer, Senior Group Loyalty and Marketing Manager, Mothercare: and how you can prove to the ICO you’re getting ready. Right now, it’s most important that
you can showcase good behaviour and the right approach to customer data. A good way
“Mistakes can easily happen. Governance, training and reinforcement will be required across to achieve this is to directly involve the ICO and identify the right balance between doing
all channels but especially stores where you may have legacy processes of how they hold business and compliance.”
and utilise customer data for example in personal shops, events and even click and collect
orders. Come deadline day next year, any lapses in security or management of data will be Matt Newman, Senior Project Manager, Hitachi Solutions, shares a neat takeaway summary
huge so it’s a massive shift in thinking.” on creating a clean house:
For this reason, it’s absolutely imperative to have robust training in place, adds Maria Lobato, “The minimum you need to do is train your people throughout the organisation that they are
Data Protection Officer and Commercial Counsel, Mothercare: holding personal data and it’s their responsibility as employees to take that seriously. You
then need to get your senior board to sponsor a programme that says: ‘Our policy states this
“Training is essential to raise awareness around the GDPR and its implications. This training is where personal data goes, and by not complying you put the organisation at huge risk.’
must include what data really means; and what privacy really means. We must put proper You then need to decide: should you store that data or purge it.”
training in place for every single person within the organisation and stress the fact that this is
a very high risk piece of legislation.
“It’s tricky to give proper training to staff who interact with customers every day and work
around hectic shifts, but we must train our people so that even when it’s busy and stressful
they still take full responsibility for data.”
Personalisation
Matt Newman, Senior Project Manager, Hitachi Solutions, sets-the scene:
“Legitimate interest is a grey area. As a retailer, you might have customer data following a
purchase, so you’d think that surely you can write to them (as you have a legitimate reason
The use of personal data in retail cannot be underestimated. In today’s market, data-driven to hold the data). Yes, you have a legitimate right to hold the data, but you don’t have a
retail is essential. Retailers personalise marketing and profile customers in many ways, legitimate interest to market to them. You have the data from a transaction, but the customer
whether using loyalty cards, online behavioural advertising or in-store records. Under has not explicitly opted-in to receive marketing communications, so it is a grey area.”
GDPR, the use of any data that can identity an individual person requires consent. This
raises a whole raft of questions around value exchange, legitimate interest and customer It comes down to being smart, says Cherry Pinches, Global Legal Compliance and Data
preferences. But GDPR may actually help retailers’ marketing efforts, not hinder them. Protection Officer, Arcadia Group:
It all comes down to the value exchange says, Debby Hill, Head of CRM, Gala Bingo: “We believe that if we tell customers what we are doing and show them the value they are
getting from it, they’ll still be keen to share data. It’s about finding that balance. Getting a
“Customers are becoming savvy to the value exchange around their data. I think retailers are message across that doesn’t sound really creepy and shows customers the value they’ll get
going to have to start giving a little more, for customers to be willing to share their data and back in return.”
allow companies to profile them.”
That’s right, a lot of it is common sense, adds Michel Koch, CMO, Time Inc.:
It should be a considered, stepped approach, adds Puneeta Mongia, Multichannel Strategist:
“Imagine you’re in a high street store. You go into the store, fill a basket, your phone rings,
“Ask the right question to a customer at the right moment – where it adds value for the you have an emergency, so you leave the basket. How would you feel if someone chases
customer. And make it clear why sharing their data is useful for them and how it will benefit you as you leave the store? If wouldn’t feel very good. When weighing-up data management,
them going forward. In this way, you put the customer in control of their data and their legitimate interest and other marketing processes online, think carefully about whether it’s
permissions.” something you’d do in the physical store.”
But, as Kate Hamer, Senior Group Loyalty and Marketing Manager, Mothercare warns: Ultimately, it’s about respect for the customer, says Puneeta Mongia, Multichannel Strategist:
“Even if you go with the majority, it only takes one person to say: ‘I don’t think you’ve handled “No customers are going to complain, report you to the powers that be or kick-up a media
my data correctly’ and it all goes wrong.” storm if they are being treated with respect. And that’s why we have to look at this from a
cultural perspective. All of our organisations must showcase more respect for the customer.
That’s true, but it still makes the conversation with ICO easier, adds Lockwood. It’s not so much about technology and systems, but treating our customers in a new and
fairer way.”
“If you can demonstrate that the majority of your customers agree; and you can prove it by
showing the ICO you have talked to your customers about it; in the event of a breach the Under GDPR, you could compare personal data held by a retailer with the money held
conversation with the ICO will be a lot smoother.” by a bank. A bank customer can request their bank to return their savings or transfer it
to a competitor. In the future for example, a consumer could approach a supermarket,
Our group specifically highlight the need for careful consideration around communications and request all the data that they have on them, their spending patterns, and shopping
based on ‘legitimate interest’ following an abandoned basket. preferences to be removed or transferred elsewhere.
So, beyond the moral stand, retailers do still need to invest in systems that can easily
surface data. As David Lockwood, Head of CRM, Boden, says:
“When customers say, show me everything you’ve got about me, you need a system that
can do it effectively in a single click. At the moment we get four or five request a year, but I
expect after GDPR we’ll get 100 or so, so we need a one click solution.”
We’re actually focusing one step ahead, says Dan Collis, Marketing Database Manager,
IKEA:
“We’re concentrating on how to manage requests for customer data right on the front line,
posing the questions that let customers tell us what their concerns are.
“By putting customers first we can understand, learn, and mitigate future requests. It’s
probably because something went wrong in the buying process and if we can fix that, we can
not only fix it for them, but stop it happening for other customers.”
Cultural Change
Actively involving your customers in the personalisation journey is clear across the board.
But, what is not so clear is the right approach (and how to realise it) when it comes to
managing data under the GDPR. As David Lockwood, Head of CRM, Boden, sums-up:
“There are different routes you can go down – the commercially difficult, the hugely risky, or
somewhere in the middle.”
Data is always considered to be a valued asset but now that ‘personal data’ is the customers
to do with as they see fit, it will become a currency which retailers will have to demonstrate
they are worthy of holding and looking after on behalf of the consumer.
Technology is driving change but delivering it remains a resolutely human endeavour – one
that demands a shift in approach for retail leaders. While technology has driven the demand
for the GDPR (and transformation more broadly) the fact is that successfully delivering
change remains about people.
“Our big challenge is The most successful leaders today recognise their weaknesses lie in the different cultures
and silos within their organisations. Success, therefore, lies in building bridges between
culture, and shifting the
different functions. The arrival of the GDPR presents a springboard to move in this direction.
After all, at a time of change, the one thing people need is a positive vision of where you
want (the business) to go in the first place.
organisation towards
Changing titles, renaming departments, hiring one data guy, or bolting on some new
technology isn’t enough – it’s simply rearranging deck chairs on the Titanic. Taking
advantage of the GDPR opportunity requires real transformation. It means shifting your
customer-first thinking”
energy and resources from what is (kind of) working now into a bet you are making on the
future.
As Keeley Merrill, Senior Acquisition Manager, Karen Millen, puts it:
Keeley Merrill, “Our big challenge is culture, and shifting the organisation towards customer-first thinking,
Senior Acquisition Manager, and how to manage that transition. How can we use the information from a more streamlined
database to benefit the wider business?”
Karen Millen
It’s a similar story for Arcadia Group, says Cherry Pinches, Global Legal Compliance and
Data Protection Officer, Arcadia Group:
“We have board buy in and a mandate to roll-out various GDPR projects. But the challenge
is getting the 3000 people in Head Office and then employees across our 100 stores to adopt
a new culture that puts customers at the forefront (while trying to sell something). We don’t
want to fall behind in customer trust and then be seen as the ‘creepy’ brand.”
To change the culture, you must make the upsides to all this GDPR talk clear, adds Erdal
Enver, Digital Marketing Manager, Intu:
“To get buy in across the business it’s about showing the strength of better data
management in building longer lasting (and more commercial) customer relationships.”
That’s right, says Neil Ferguson, Director of Change, Boden, it’s all about establishing a new
‘normal.’
“We must focus on how we sustain changes as the new normal beyond deadline day,
so we don’t need a new regulation change to make us think more carefully around data
management again in the future.
“There’ll be a lot of effort put into meeting the deadline, but we don’t want that all to fall away
and then two or three years down the line something else to come along and we suddenly
scramble again to get our house in order.
“A big part of this is raising awareness. Front line employees need better training around
managing customer data. For example, our call centre employees are always asking for
customer phone numbers and emails, but there’s no training around the why, so we need to
educate the people across the business on the full risk of capturing data.”
Conclusion Final Thoughts
As we’ve learned, the GDPR forces retailers to assess what data is of genuine value to their
business (which has been on a lot of UK retailer’s to-do lists for a while now anyway.)
In this way, the GDPR presents a wonderful opportunity to re-think marketing processes,
technology and organisation from the ground-up with a customer-first mind set embedded at GDPR is not just about compliance. Retailers need to evaluate their role in holding and
each and every step. processing personal data for consumers.
As our senior figure from a major department store concludes: Data protection needs to be a continuous activity (or constant evolution); it needs to be
operational and embedded into everything retailers do, from the boardroom to the shop floor.
“It’s about putting customers back at the heart of the decisions we make in respect to their Data protection must be part of retail’s DNA.
data. The conundrum then comes down to how customers, commercials and compliance all
face off against each other.” The degree to which data will add value to your business, your customers, and your partners
is then entirely up to you.
The key message is to take control of the change inside of your organisation. Be prepared
and assess your existing data gathering and data usage processes, matching them against But with revamped processes, increased transparency, better data quality, greater customer
ICO guidelines. And, most importantly, plan for GDPR compliance with the mind set of engagement and improved security, retailers can absolutely generate and build customer
seeking to improve customer experience, rather than just a box-ticking exercise. trust. And in turn, help to drive sales, enhance customer retention and boost profitability. So,
while the GDPR may be regarded as a bit of a compliance burden, it opens-up all sorts of
As Erdal Enver, Digital Marketing Manager, Intu, puts it: opportunities that make commercial sense.
“GDPR is a huge opportunity to identify why we need customer data, what we use it for and And remember, if the rate of change on the outside of your organisation exceeds the rate of
what value can we offer the customers in return; it’s a great opportunity for us to realise our change on the inside, then be on guard as the end could be very near.
vision of being customer-centric.”
There is no denying that GDPR will have a significant impact on how retailers communicate
And remember, this is not a race to the deadline and then it’s all over. Once enforcement with their shoppers, and the risks of not having your house in order by next May are high.
begins, guidelines will continue to be issued and good practice will start to develop. It But this legislation could be a silver lining rather than a looming storm cloud.
shouldn’t be a conversation about how your organisation is going to get over a line by May
2018. Rather it should be a conversation about how to get there but also how to continue to
improve after that – continue to monitor the guidance that comes out, the precedents and the
consumer opinion. This is something that has to live and breathe in retailers almost as a new
function or with at least a heightened level of awareness around it.
As Puneeta Mongia, Multichannel Strategist, says:
“There are regulatory grey areas to navigate with GDPR; so we need to develop an ethical
compass to help guide us in how we use data. Transparent data consent and a clear
value exchange (that uses data to benefit the customer) could actually deliver stronger
relationships, rather than breaking down trust. Then beyond deadline day, we must view
GDPR as a constant evolution.”
Changing your perspective to think of the GDPR as an opportunity – not a burden – will not
happen overnight. But doing so will help you not only to prepare, but to give you a better
chance to get it right when it comes to balancing your need to understand customers with
their need for privacy.
Kris Marshall, Customer Insights Director, Gala Bingo puts it succinctly:
“It’s about delivering what our customers need from us in a step-by-step process. Firstly,
decide your strategic position on GDPR (get clarification at the highest level); secondly
communicate this approach internally; thirdly, educate employees across the business;
fourthly decide how you interact with your customers to make this process as seamless
as possible; finally, decide how you’ll segment customers so they don’t fall into the wrong
categories.”
Proactive retailers can take advantage of the opportunities GDPR creates to enhance their
data capabilities, repair any breakdown in trust between consumers and retailer, and grow
their business.
Brought to you by
One Connected Community
Specialist consultants on the role of technology in customer experience, transformation and
outcome driven innovation
Our partners research and share inspirational stories that highlight how technology and
engaging customer experiences make a real difference to the bottom line
www.oneconnectedcommunity.com
Hitachi Solutions
Hitachi Solutions is the global leader in delivering success with business applications based
on the Microsoft Cloud.
We are a trusted provider of vertical industry solutions built on the Microsoft Cloud. Our
mission is to help clients compete with the largest global enterprises by using powerful, easy
to use and affordable industry solutions.
www.hitachi-solutions.co.uk
Microsoft
Microsoft helps unlock digital experiences for insurers through omni-channel delivery,
customer insight and engagement platforms and mobile digital work styles. We help you
liberate data and democratise analytics to support better decision making. And we help
you release business agility with on-premises and cloud approaches to modernising core
systems for optimised operations.
www.microsoft.comYou can also read
