Last year marked the start of a new wave of digital privacy regulation that has now reached U.S. shores. To successfully navigate the changing tides, merchants should embrace both the spirit and the letter of new GDPR requirements and institute transparent privacy controls across touchpoints.
As of last May, Europe’s GDPR requires companies to request consumer consent prior to collecting data; in addition, they must provide the tools for severing the agreement at any time. The year prior, Canadian anti-spam legislation went into effect, impacting not just email but social media and SMS practices.
In the U.S., the start of 2019 marked implementation of a Vermont law regulating online data brokers; next year California will enact what is set to become the strictest data privacy law in the country. Several other states have passed new data collection rules, leaving merchants who are increasingly reliant on consumer data for personalization wondering how they can navigate the choppy legislative waters.
Happily, regulatory compliance can also satisfy consumers’ dual desire for control and relevance. Deloitte found that 73% of consumers are willing to share data if they have control. Furthermore, 6 in 10 consumers say they’d like to receive individualized discounts or promotions. To strike the right privacy balance, merchants should:
Explain GDPR Requirement Practices Plainly, Early and Often
Merchants should translate the legalese in their privacy policies into plain English for GDPR requirements; this succinct version can then be used in a pop-up box or even on-page to quickly summarize their company’s data collection practices and obtain consent.
Implement Best Practices for Email
Email firm Litmus found that the majority of GDPR-compliant brands saw their list size decrease by 10% or less. Nonetheless, merchants should carefully vet their signup and sending protocols, and apply double opt-in routines as well as prominent opt-out language.
Offer a Comprehensive Preference Center
Savvy merchants have long offered email subscribers “preference centers” for throttling messaging cadence and content. Now they can use the same concept to offer easy access to a broad set of data preferences: from email to SMS to stored size and color picks. To make these controls prominent, merchants should take a page from StitchFix and other popular subscription services; requiring shoppers to build — and maintain — a “style profile” ensures relevance.
Prepare to Communicate Proactively About Data Breaches
In the event of a data breach, the fallout in lost sales and reputation damage can be significant. Sellers should have a response plan at the ready that spells out at least the nature and extent of the breach. Additionally, the response plan should show what steps the brand is planning to take to repair security in the future, and what services will be offered to data theft victims.
What steps are you taking to prepare for privacy regulatory compliance?