Hiding in Plain Sight
It has been standard practice for many years for retailers to keep records of customer complaints. These data stores have proved invaluable in improving products and production methods, identifying faults and building a trusted relationship with consumers.
However, with the introduction of the enhanced data protection laws in May of this year many companies are coming to realise that this once invaluable data resource is now an overlooked source of potential regulatory action. The reason being it is teeming with personal data.
Many of these data stores hold the details of the customers making the compliant. This is perfectly understandable; companies need to respond to the customer, investigate the allegation and act and improve. However, given the recent introduction of the European wide General Data Protection Regulation these data stores full of customer data are now a liability.
A recent survey by the research company 3GEM of almost 2000 consumers in the UK and Ireland found that more than a quarter had already exercised their data protection rights, with more than half planning to do so within the next year.
This should act as a wakeup call particularly for retail businesses as the survey showed 41% of consumers object to retailers using their data.
The new data protection laws enshrine the principles of transparency, lawfulness and minimisation. Many of these data stores have remained untouched for many years, accumulating valuable data and insight. However, the lawful basis for processing the data; consent, or legitimate interest has long since passed for much of this data. Retention policies need to be applied and the data anonymised or minimised and deleted. A challenge in highly integrated SAP landscapes.
By neglecting to manage these data stores and failing to apply the same data protection principles to them as are being applying to the rest of their landscapes, companies are not only leaving themselves open to action from the regulator. But also, action from overseas regulators. Many retailers are multi-national, and the GDPR applies to the whole of the EEA with consumers empowered to make a complaint in any jurisdiction.
SAP has produced a number of tools to assist retailers in their data protection compliance efforts. Assets such as Information Steward and Information Lifecycle Management, which enable companies to discover personal data and then manage it effectively. Applying retention policies, encrypting, minimising and deleting in a robust and transparent manner.
The Proceed Group continues to be a trusted SAP partner. Utilising many years of data management experience to assist clients in their data protection compliance journey.
With comprehensive consulting services from Proceed Data Protection Services, innovative software tools such as Black Light, and numerous recommendations from satisfied clients, we can focus on your data, so you can focus on your business.
For more information on our SAP Data Protections Services please do not hesitate to contact us for a more in-depth discussion.
MSc BSc PGCLTHE FHEA CIPP/E CIPM
Proceed Data Protection Services