Retailers ill-prepared for EU data protection regulations

Over three-quarters (77%) of retail CIOs are unprepared for the new EU General Data Protection Regulation (GDPR), while 58% are putting customer privacy at risk by not anonymising test data.

Research from Compuware Corporation concluded that retailers are struggling to control customer data, which means they will find it difficult to comply with the 'Right to be Forgotten' mandate laid out by the EU in GDPR.

According to the research, 71% of retailers said customer data becomes hidden within their complex IT systems. Over half (56%) said they find it difficult to find their test data, while only 38% of retail CIOs can locate customer data quickly.

Retailers blamed outsourcers (81%) and mobile technology (66%) for making it hard to keep track of customer data, and only 39% of retailers would be able to remove customer data should they exercise their 'Right to be Forgotten'.

"To comply with the GDPR, retailers need to keep stricter control of where customer data resides," said Dr Elizabeth Maxwell, PC.dp, and technical director, EMEA, Compuware. "If they don’t have a firm handle on where every copy of customer data resides across all their systems, retailers could lose countless man-hours conducting manual searches for the data of those exercising their ‘Right to be Forgotten.’ Even then, they may not identify every copy, leaving them at risk of non-compliance."

Meanwhile, less than half (47%) of the 79 retail CIOs surveyed are well briefed on the GDPR laws. Companies must improve their data governance in order to be compliant.

The research concluded 82% of retailers use live customer data to test applications when developing software, but only 16% ask for explicit consent, which means the majority are non-compliant with the new GDPR rules. Additionally, 58% of the test applications with live data cannot guarantee the data is depersonalised.

"Using customer data to test applications is fairly standard practice, but there’s no need or excuse for not depersonalising it first," added Maxwell. "Companies that fail to mask data before using it to test applications could soon find themselves slapped with an eye-watering fine from EU regulators. As well as being better for protecting customer privacy, anonymising test data eliminates the need to obtain customers’ explicit consent for it to be used in this way, which nearly three in five (59%) of CIOs identified as one of the biggest hurdles in GDPR compliance."

For more information, click below:



What’s Hot on Essential Retail?