Learn why the EU GDPR may actually be good for business

This article was originally published on Khaleej Times

Prelude

Decision makers in the European Union (European Union, the Council & the Commission) reached an agreement in December of 2015 on something that they had been working on since 2012. This decision, as it turns out would have a major impact globally. This decision was to agree on a revised framework for data privacy, data ownership & data handling, which was meant to apply to EU & its citizens. The EU defined May of 2018 as the month when this new framework would become effective, something which had not been changed since 1995 [European Data Protection Directive (Directive 95/46/EC)].

The basic tenets of EU GDPR, or GDPR in short, are not really different from what is common knowledge, but what differs now is that it has been codified into a regulation, something which had not been done earlier. In this article, we will go through these basics & get to understand how GDPR is in fact very good for business in the long term.

Why data security is important?

This is a rhetorical question to begin with! Our constantly-connected world has increasingly become digital to an extent that now it is possible to live comfortably without having to ever step out of our homes. We can work remotely, order food from home, communicate with our loved ones digitally & shop online. There is barely any activity which cannot be performed online. This has increased the amount of digital footprint that our lives leave behind & the amount of data that is recorded, transmitted & generated about ourselves.

With this increase in digital information about everyone, it is meaningless, may be even unwise to ask why data security is important. In the pre-digital era, we would protect our offline assets, our house, our car, our paper documents, and our electronics; and in the post-digital era, when each of physical assets have been virtualized, it is expected that we need to protect our digital assets.

We do not ask why insurance is important for peace of mind of our family or why seat-belts are important for our safety or even why ensuring safety & security of our family is important! In same tone, we should stop asking why data security is important.

Pre-GDPR era

The European Union, when it took up evaluation of the European Data Protection Directive (Directive 95/46/EC) realized several logical flaws in data protection guidelines, principles & regulations.

Data collectors were effectively free to do whatever they wanted to do with it no matter who it belonged to, how it was stored, how it was handled, what was intended to be done with it. This freedom arose out of a lack of clear guidelines & boundaries, mainly since the then existing framework had not defined them well enough. This led to a culture of interpretation in manners that served their own business goals.

Another fallout of a weakly defined framework was that data collectors & data processors were unsure on exactly how data security should be implemented. While companies genuinely intended to protect their customer’s information, they were unsure about how exactly they should go about doing this. In absence of national regulations to guide them, internal policies ended up being undefined or under-defined.

And finally, a major consequence of the previous framework was that data privacy protection as a business activity became largely self-regulated. This created a conflict between business objectives & security objectives in organizations. Business objectives would frequently dominate over security objectives due a constant pressure on profitability. Many organizations which displayed clear intentions of upholding high standards of data privacy & security chose to adhere to frameworks such as ISO 27001, but without a regulatory mandate, it became a case of choice & not compulsion. The EU identified this gross failure & decided that self-regulation was clearly not the way forward.

There are several examples of global successes involving regulations making it clear as to what organizations are permitted to do & what they must avoid. Financial & Banking industry is one such case where it could not exist without such regulations.

In the domain of data security, which is a relatively newer field, Singapore’s PDPA & HIPAA from the United States of America are excellent examples. Governments of several countries have silently been working on setting up regulations which are strong enough to set up clearly defined boundaries & principles.

Impact of a Data Breach

While news of a data breach are surprising, data breaches have had significant negative impact on several organizations. The most major impact that an organization faces when a data breach happens is a permanent loss of goodwill. They become examples of data security breaches. They get quoted, over and over again, in conferences, in discussions, during audits, in training programs. This impact takes a very long time to disappear. Some examples of major data breaches and their impact are listed below. These should make it clear that data breaches are usually very costly whenever they happen.

  • Multiple data breaches in 2013 & 2014 knocked an estimated $350 million off Yahoo’s sale price in 2016 when it announced that the breach was larger than it had estimated earlier.
  • Following a breach in 2008, Heartland Payment Systems was deemed out of compliance with the Payment Card Industry Data Security Standard (PCI DSS) and was not allowed to process the payments of major credit card providers until May 2009. The company also paid out an estimated $145 million in compensation for fraudulent payments.
  • After a breach in 2013, Target’s CIO resigned in March 2014, and its CEO resigned in May. The company later estimated the cost of the breach at $162 million.
  • The data breach is believed to have cost Uber dearly in both reputation and money. At the time that the breach was announced, the company was in negotiations to sell a stake to Softbank. Initially, Uber’s valuation was $68 billion. By the time the deal closed in December, its valuation dropped to $48 billion. Not all of the drop is attributable to the breach, but analysts see it being a significant factor.
  • In 2014, Sony agreed to a preliminary $15 million settlement in a class action lawsuit over the breach that occurred in 2011.

What does GDPR expect from businesses?

GDPR is legally worded & presented, but it is easy to understand its general principles. GDPR wants businesses to care about data security of subjects, have a sense about rights of data subjects, and enforce responsibilities of the Controllers & Processors who manage & work on the data.

  • Every business activity involving someone’s data should to be lawful, fair and transparent. This is a straight-forward expectation. No business is permitted to use data illegally, unfairly or covertly.
  • What is expected to be done to someone’s data should be expected by, & known to, the person whose data it is. In other words, anyone should not be surprised with what a business does with their data.
  • Businesses should gather only necessary amount of data for the purpose of carrying out their business.
  • The data you keep must be accurate. Active involvement & engagement of data owner is recommended to maintain accuracy over a long period of time.
  • Business should only keep data for as long as it is needed. Once someone’s data is not required anymore, businesses should delete it.

Global relevance of GDPR

Owing to the fact that the EU has spent significant time & effort in evaluating changing needs of data privacy & security, following which it came up with a robust regulatory framework, several governments internationally are changing their own Data Privacy & Security Laws to reflect elements of EU GDPR within their own regulations.

This in essence makes GDPR not a Europe-specific regulation, but an international one, although implemented & enforced by various Governments.

It is commonly believed within security circles that adhering to GDPR makes an organization automatically comply with most of global standards & regulations. This belief also extends to organizations & security professionals seeing a major change in how internet behaves.

What does GDPR mean for Consumers & why it is good for business?

Consumers in general are not against the idea of sharing their personal information with businesses. Rather they dislike it & react strongly if their trust is breached, which may be because an organization did something with their data which they did not consent for, or something that they did not expect an organization to do, or something that they clearly were opposed to when sharing their data.

And consumers are especially offended when organizations take them for granted & do something that undermines their value. This last point has been sufficiently proven by the worldwide outcry following revelations of how Facebook carelessly handed over data to Cambridge Analytica without consent.

Consumers also tend to become upset when their trust is implicitly breached when organizations do not implement adequate levels of security to protect their data and which eventually leads to a breach. In such cases, consumers are usually more forgiving, as long as the organization is genuinely apologetic & takes measures to improve their security. This case has played out several times as with Sony PlayStation, Target, LinkedIn & Equifax, all being major breaches due to lower standards of security. All these organizations followed up their breach with improved standards of security.

GDPR addresses all of these issues of consumer trust by making it mandatory for organizations to ensure that proper consent is obtained, data is handled exactly as indicated, data is never handled carelessly, adequate measures of security are implemented to protect data, control of data is handed back to consumers, & data is deleted when not required anymore.

As against earlier times, when organizations decided for themselves as to what & how they handle security, EU GDPR makes it mandatory, makes it clear & makes it explicit. Organizations have a ready set of principles on how to go about handling consumer data & what are the bare minimum set of things that they need to do while dealing with data.

Organizations do not need to self-regulate anymore. Adhering to GDPR makes it easy & makes it clear. This leads to a scenario where trust levels of consumers on businesses improve automatically. Consumers now know that organizations are adhering to a set of principles & this is why they will trust them more.

Trust is good for consumers & trust is good for business.

Cross-channel orchestration through Order Management System

How cross channel order orchestration, through an Order Management System helps you deliver on omnichannel experiences

As businesses faced pressure to go online, most established digital avenues for their customers to shop from, but is this enough to fulfil the exponentially increasing customer expectations of today?

It’s important to realise that consumers are not just secluded to either online or offline channels exclusively. They move across these channels conveniently to buy what they want, where they want, right when they want it.

Cross-channel orchestration through an Order Management System could be your first step in providing the omnichannel experience that your customers now expect. It also helps retailers achieve the right balance between cost, speed and efficiency

Receiving orders

Let’s consider Sandra, who is looking for running shoes at a sportswear website. She finds a pair of light blue trainers she likes, adds it to her cart and proceeds to check out.

A Deloitte study revealed that 69% customers want various delivery/pick-up options. 56% customers also expected the product to reach them within 3 days.

Since the sportswear brand uses a highly configurable Order Management System, Sandra gets the option to buy online and get it delivered to her home, buy online and pick it up from a nearby store or buy in-store and get it delivered to her home etc. Based on her convenience, she chooses to get it delivered and since she’s happy with the estimated time of arrival, she makes a credit card payment, confirming the purchase. A Deloitte study revealed that 69% customers want such delivery/pick-up options. 56% customers also expected the product to reach them within 3 days.

OMS gives retailers a single view of all orders, including Sandra’s, coming in from each customer touch point such as their ecommerce website, marketplaces or offline stores etc. Retailers also get a single view of all inventory, across all departments, from sales, operations to support. This eliminates errors, reduces costs and makes fulfilment a breeze. The sportswear brand could now maximize their existing inventory, reduce turnaround time and markdowns, enabling a faster cash cycle. Visibility into payments and reconciliation also ensures the customer’s purchase intent before the product is shipped.

Getting orders ready

Once a customer places an order, the products chosen could be located either at a warehouse or at a physical store. Depending on the configured rules, the OMS automatically calculates the fastest or most cost-effective locations from where these products could be picked up to be delivered to the customer. By treating offline stores as mini-distribution centres, retailers could optimise their real-estate investments, and even do without warehouses in some cases.

According to Direct Marketing News 46% consumers would stop doing business with a retailer if they were late at fulfilling an order.

According to Direct Marketing News 46% consumers would stop doing business with a retailer if they were late at fulfilling an order. The sportswear brand’s OMS found the shoes Sandra wanted at an offline store near her home, allowing a faster delivery time which was important for Sandra. The retailer also managed to reduce shipping costs involved, most of which was passed on to the customer. High shipping costs can account for more than 50% cart abandonments according to comScore.

Delivering these orders

Once the order has been placed and the optimal product pickup location is calculated, it’s time for the product to be delivered. With a single view of orders, Steve the store associate, could view Sandra’s order and pack the shoes ahead of time, keeping it ready to be shipped.

The Order Management System maps the best logistic partner available for fulfilment. Moreover, certain OMS come bundled with Logistics Management Software which helps with the optimal delivery routes from the first to the last mile, reducing costs and increasing speed.

Soon, Sandra’s shoes were picked up by Mark, the assigned delivery personnel, along with 2 other deliveries that were scheduled from the same store. With OMS, now Mark knew Sandra’s house was the closest to the store and left to deliver her package first.

Elevating post purchase experience

Sandra was anxious about the delivery and called support to enquire if her order would arrive at the specified time. A single view of all orders and delivery details to all departments, from store associates to support staff, enables them all to help the customer better. As soon as she mentioned her order reference number, the support rep, Lauren, informed her that her shoes were out to be delivered. As soon as she hung up, Mark had reached Sandra with her order.

Despite delivering the perfect order, the customer may not like a product and decide to return it. Infact, return costs can account up to 40% of all goods in some industries according to Deloitte. Optimizing returns management through physical and online channels is a must for profitability. When Sandra tried her shoes on, she noticed that they were a touch too big for her, so she opts for a replacement in a smaller size from the website.

Return costs can account up to 40% of all goods in some industries

With OMS, mapping all returns, replacements and reconciliations becomes very easy for operations executives. Though the original store didn’t have the size Sandra wanted, a nearby warehouse did. OMS mapped the order to the warehouse where Mark again, picked up the shoes and delivered it to Sandra while collecting the shoes Sandra returned at the same time. Sandra’s new shoes fit her perfectly and she was now ready to hit the gym.

Does delivering perfection make business sense?

Today seamless integration between various channels are a necessity to meet customer expectations, but putting an Order Management System in place could have other far reaching effects on your business too. Apart from increasing efficiency throughout the supply chain, OMS can also bring advanced analytical insights into the fulfilment process. Businesses can gain from enriched consumer data with a single view of each consumer and their preferences across channels. It also eliminates errors in fulfilment, mitigating loss in customer trust and loss of sale. With artificial intelligence, the automation OMS brings to cross channel orchestration can significantly reduce pressure on your workforce as well. Moreover, optimisation of the fulfilment processes results in significant cost savings across the board.

How eCommerce and Bricks & Mortar Came to be Friends

The Digital Boom

When Flipkart and Amazon hit the Indian market, brick and mortar companies started to wipe cold sweat. Online shopping was starting out with a mean purpose, and it looked like it wasn’t going to go anywhere. Malls shut down, bookstores suffered, while all online stores winked and said, “Cousin, business is a – boomin”

But fast track a few years into the retail revolution, and it became clear that the repercussions weren’t as apocalyptic as we’d initially assumed them to be. Shopping, after all, is an experience online stores simply cannot offer. There is a convenience in walking down to a nearby supermarket to get groceries for the cake you need to bake in the next hour. There is leisure in strolling around with your cart looking for new products you can try, there is simplicity in reading through the fine print behind a box before buying it all on a lazy Sunday with your family. Online shopping can get you suggestions and reviews, but they can never give out the retail therapy that brick and mortar stores deliver. eCommerce platforms are certainly booming individually, but as retail channels, they don’t hold a candle to the excess of consumers who prefer to just drive to the nearest mall and buy what they see.

As polarized as digital platforms and brick and mortar stores were, retailers soon realized that technology didn’t have to be their enemy. Muttering “Amazon” in a Landmark store while grunting at the inconvenience of searching for books will certainly get you looks from the dark side, but it won’t exactly make you wrong. As brick and mortar retailers, the convenience of digital platforms is not something they should overlook, and the rumbles of customers impatiently searching for products is not an experience they should endorse. Harnessing the power of technology, as clichéd as it sounds, can always make the physical retail experience far more accessible, leading of course to wider possibilities of sales growth, repeat customers and popularity.

Digital Technology in the Real World

For physical retailers, digital data collection and analysis can open entirely new doors and ensure the best results in the form of customer satisfaction, loyalty and relationships. Instead of relying on more traditional methods of marketing, retailers can keep digital signages of their customers, analyze their behavior and feedback to base all their products and marketing pitches on calculated data and actionable insights.

One of the more exciting possibilities today is to accurately analyze foot movement and customer traffic across the store to measure conversion ratio, sales and marketing effectiveness, while strategically creating in-store heat maps, ensuring maximum visibility of the product. Artificial Intelligence makes this possible at a fraction of what it used to cost to gather such data.

Accurate footfall analysis allows offline functions of brands to take a more informed and strategic approach to selling.  By correlating the data to optimize their stores, whether it’s in terms of staff or products, allows for smarter marketing, and consequently would lead to better store conversion ratios.

In-store AIs are advantageous, as their proactive actions and didactic learning ensure real-time data collection and analysis, as well as their recommendations and suggestions which are directly accessible to both retailers and customers. Not only do these strategies enable additional sales, but well used and analyzed data can drastically improve the satisfaction of customers, who are getting exactly what they demand in the form of highly personalized experiences.

The Endless AI

AI is particularly useful for curating an experience, the possibilities of which are almost endless: beacon features used by physical retailers such as Amazon Go are incredible examples, and interactive kiosks, virtual and augmented reality, as well as location-based services, are only some of the innovative experiences that a tech-enhanced reality can offer. Technology can creatively wipe off some of the frustrating aspects of brick and mortar retail, such as the unavailability of the exact aspects of the product, the time spent hunting for the right product and the decision-making process that is often limited or impaired by lack of time or resource.

The offline Chinese grocery market, for example, was almost completely devoid of innovative customer service. But Alibaba’s grocery retail venture Hema created a game-changing paradigm shift with its blend of online and offline experiences. Across its 25 supermarkets, each Hema has an online catalog for its in-store meat products for customers to use to check the product’s history, nutritional value, and sourcing. They can use the stamped barcode to check out their items through the store, while online customers can expect a delivery of same to their homes in 30 minutes.

It is becoming increasingly clear that the competing eCommerce and brick and mortar retail work far better when in, they are in sync. Not only can technology profile the average customer requirements for more inclusive store stocks; retailers such as Abercrombie and Fitch actually use it to let customers view and buy online or offline products while at the store. Customers almost always arrive with a notion of having multiple choices and chains to buy from, and ensuring a smooth selection and buying process is vital to the store. Chains like Abercrombie and Fitch have accomplished this by presenting the customer with an ‘endless aisle’ of products, cataloged online and without the restraints of space, but available at the customers notice in an offline channel. For intelligent technology in physical retail, the sky’s the limit.

Order Management

The fusion of eCommerce and in-store platforms means a heavier load on the brick & mortar system. While the gains from higher sales are certainly tempting, it’s also necessary to remember that it comes at an excessive cost, mostly based on managing the orders coming through various channels. None of the advantages resulting from an online inclusive experience would be possible without high end and advanced methods of order management. Creating such systems are vital to the success of brick & mortar ventures into the digital realm, as they enable easier inventory organization as well. The end results in a smooth, seamless experience that is a blend of digital retail in a very physical experience – limitless in its possibilities and stalled only by the imagination.

The Competitive Heat

The synchronicity between eCommerce platforms and brick and mortar retailers only works when they aren’t disjointed rival stores. Technology belongs to everyone in the new field, and it has leveled out the competition grounds between the polarized channel’s stores. eCommerce stores scramble for exclusive deals to attract more customers, while brick and mortar stores run on loyalty, intelligent market pitches and a personalized customer experience. The entrance of interactive digital technology has given retail stores the stepping ground to come to blows with their online competitors. The game is no longer eCommerce vs. brick and mortar, it is store vs. store and depends completely on which one utilizes its unique force the best.

So cousin, business is a-boomin, and may the best man win.