‘The Most Important Data Privacy Regulation in 20 Years’ Making Sure Retailers & Telco Systems are GDPR Compliant

“The most important data privacy regulation in 20 years.”

The month of May is upon us, and with it comes the much-anticipated GDPR deadline. With customer email inboxes filling with ‘action required’ content from retailers, telcos, brands and businesses – the new data protection revolution is gathering increasing momentum.

For retailers and telcos, GDPR is much more than a data cleanse or a one-off frustrating inconvenience, it’s an opportunity to renegotiate the terms of engagement between people, their data, and your company, whilst also throwing light on the systems you have in place to ensure you remain GDPR compliant both now and in the future.

In the past, you may have had systems that hold on to data ‘just in case’, but this is no longer an option. The need for transparency and accountability is more vital than ever, and one way to ensure you don’t fall foul of the new guidelines (and straight into non-compliance) is to only use solutions specifically built to be compatible with the fundamental axioms of GDPR.

So, back to your data systems, which will be the real crux as to whether you officially comply or not. Some points to be aware of:

Many legacy internal systems or systems created by in-house teams share a central data repository where any data may be made available to many applications. This makes it difficult to control which applications are responsible for which datasets, and in the new GDPR world, this is a complete no-no. Using a third party solution to perform specific tasks can allow a more focused view on what data is to be used and more importantly why it is needed for a process – as long as that system has been built with that in mind.

For retailers and telcos, continuing to collect authorised data, and optimise on legacy data that has been cleansed, is paramount, so tailoring advice and recommendations across multiple channels is essential. If a customer feels their data is providing them with valuable and intelligent recommendations based on their own personal preferences across multiple channels they are much more likely to purchase, repeat purchase and allow their data to be stored.

Case in point, Conversity’s platform is an intelligent guided selling platform that is fully configurable to allow only data that is needed for a process to be integrated or uploaded; it can be configured to dispose (or retain for a defined period) any data, which has been used for a process – the ultimate GDPR goal.

The other benefits of a third party systems supplier is that they are required to provide clear contract obligations regarding data use, meaning retention and destruction can be defined and adhered to. This does not always happen with internal system development leading to data audit complications. We’ve found that lots of customers prefer to work with smaller, boutique suppliers who are experts in their field – especially when it comes to co-creating bespoke solutions for the likes of GDPR compliant policies.

The pending enforcement of GDPR represents a particularly pressing impetus to gain a clear, comprehensive understanding of what you have and where it lives. Poorly managed IT systems may cost you thousands; failure to comply with GDPR can cost millions. So take a good hard look at the systems you have in place.


Whilst GDPR is a hot topic at the moment, remember most of the regulation is around common sense on whether the system in question actually needs the data or not. The new legislation is really just a logical approach to data management and providing transparency around how you’re using that data.

Think of it that your customers will have the freedom to opt in, rather than the burden of opting out, and that emphasis on consent has the opportunity to create a financial reward to building consumer trust. This exchange of value, plus tailored advice and service using IGS software, is a huge opportunity for retailers.

As Information Commissioner Elizabeth Denham told an event hosted by the Association of Chief Executives and the Public Chairs’ Forum in London, “Those that merely comply, that treat the GDPR as another box-ticking exercise, miss the point. And they miss a trick because this is about restoring trust and confidence. Only one in five people in the UK trust organisations to look after their data. That’s not good enough,”

Ensuring that you have systems in place that fully comply with GDPR’s guidelines and focus on ‘privacy by design and default’ will take the headache from all your future data processing, so make sure it’s a priority for your retail and telco business. GDPR needs organisations to include privacy in their processes and systems by design. This means that all the company software and systems should adhere to the key tenets of GDPR.

Privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. For example when:

  • building new IT systems for storing or accessing personal data;
  • developing legislation, policy or strategies that have privacy implications;
  • embarking on a data sharing initiative; or
  • using data for new purposes.

You need to be ready to delete or ‘anonymise’ data sets, as well as be able to provide consumers with a copy of their personal data in an electronic format at the drop of a hat if requested. A straight dump of tables from lots of disparate systems is unlikely to make the cut here, so your systems need to keep this data in a structured and commonly used standard electronic format. RIPPL has all these features built in.

The inconvenience caused by GDPR will allow businesses to clean up their act and improve business efficiency. The inbuilt privacy mechanisms will help them gain consumer trust and loyalty, and ultimately improve sales. As we’re on the cusp of the data explosion that is the Internet of Things (IoT) – future proofing is essential.

Talk to us if you want to implement a GDPR fully compliant guided selling platform.