It's here: the General Data Protection Regulation (GDPR) in the EU, when the rules regarding data use and breaches will be overhauled to better protect consumers and Internet users against invasions of privacy. On 25th May 2018 online fashion companies will have to change the way they interact with their customers and use their personal information. For pure play retailers like Amazon, ASOS, Boohoo and Missguided, all of whom have benefited from the ambiguity of the EU’s existing data laws, the General Data Protection Regulation has the potential to drastically, perhaps catastrophically, alter how they operate.
Lax data laws have allowed fashion retailers to leverage social media even more by offering personalised shopping links that lead to clicks and therefore sales. Online fashion brands are faced with the momentous task of overhauling not just their business strategy, but ensuring that their brand identity is not watered down by GDPR. In 2017, Pretty Little Thing’s sales skyrocketed by 289%, making it one of the world’s fastest growing companies. Its dedicated Millennial following is kept interested by frequent emails reminding them of a dress they looked at, or items similar to their past purchases. The big question is how this type of company can continue to thrive online when its customers will now have the option of total, opaque privacy, that was not offered before; Pretty Little Thing will have to ensure that its appeal is stronger than the temptation of not receiving daily, annoying junk emails.
Emails like this will probably remain legal (this is at the regulators’ discretion), as they don’t exercise a ‘legal effect’ on the consumer, but for companies with loyalty schemes (ASOS, Boots and Superdrug for example), personalised adverts which dictate what a customer’s points can be spent on will no longer be allowed. Online retailers must therefore find ways of leveraging their loyalty schemes and other forms of advertising without creating a retail space in which legal consent is required from the consumer. The success of data-driven advertising has been, in part, down to the fact that so many consumers are unaware of it. When presented with a box on the screen asking if you want to give away your personal details, many people would say no. ‘Consent’ is often built into the cookies that the average Internet user accepts without reading the T&Cs.
The new limitations will require more traditional, less intrusive forms of targeted advertising, which will involve looking to more authentic advertising used in physical stores. Euromonitor figures show that online fashion retailing now accounts for 20% of all apparel and footwear sales in the UK and 15% in the whole of Western Europe, but GDPR will drastically alter the landscape of fast fashion if the key players do not address and adapt to the new, more private shopping landscape online.
GDPR will also expose brands whose security systems are not as sophisticated as they should be, as retailers will be required to notified regulators of any data breach within 72 hours and in some case, they will be legally obliged to notify their customers too. Before, some retailers lacked transparency, urgency and in some case, honesty, when dealing with data breaches. Forcing retailers to be transparent when it comes to security breaches will expose certain websites’ shortcomings, which challenges brand safety, reliability and credibility.
Another key challenge will be exactly how retailers remove their consumers’ data, particularly when often information is stored on several distinct databases. For some companies, a complete redesign of internal IT systems will be required; for others, it will be a matter of whether a customer’s data is anonymised or completely deleted, and whether it will be possible to mix the two actions within one database.
The new regulations also make clear that it is not just the IT departments of retailers who should be clued up on data breaches and their prevention, but all members of the corporation, no matter what level, as well as third party affiliate companies, such as PRs, freelancers, insurance companies and recruiters.
Data is instrumental in marketing, allowing retailers to bridge the gap between online/offline and digital/physical stores (where applicable), so retailers may struggle to maintain this without as much consumer information. Currently, the online shopping experience is often a 24/7 engagement, with emails landing throughout the night offering similar items to your shopping/browsing history. Without this constant presence, online fashion retailers will have to find less intrusive ways of keeping high levels of engagement with their consumers.
Although companies will still be able to see what their customers are purchasing, they will be less scope for them to track closely their browsing habits and histories. The consumer’s ‘right to be forgotten’ must be addressed within one month, and customers will also have the right to have their personal data erased. Although thousands of fashion products sold online are inspired by luxury catwalk items, trends are equally driven by consumer shopping habits and patterns. If customers request that they be erased from retailers’ systems, it could limit insights into what their customers are looking for next.
There are several steps that fashion retailers could pre-emptively take to soften the blow of GDPR:
- Ensure that all staff members are made aware of what constitutes a data breach; how serious they are, no matter how few people may seem affected initially; how to report them; how to prevent them.
- Invest in Customer Relationship Management, both to allow customers a human point of contact for questions and queries regarding their personal data, and to maintain personal engagement between the retailer and consumer that could suffer as a result of GDPR.
- Be transparent with customers about exactly what their rights are, how they can request more information and how can they can have their data removed. As the world saw in the wake of the Cambridge Analytica and Facebook scandal, transparency and honesty are both vital to keep customers loyal and to ensure that they feel safe on the Internet.
- Focus on social media marketing and advertising to ensure personalised content that keeps individual consumers engaged and interested in the brand, without their data being compromised or exploited. EMI figures show that in Europe, over 60% of 15-29 year olds use social media every day; shoppers who are already very active on social media will get more excitement from one public mention on Twitter by their favourite brand than from daily 2am emails, subject line “It’s not too late…”