EU, U.S. Retail Groups Release GDPR Approach Paper

The National Retail Federation and EuroCommerce released a paper this week that addresses operational challenges retailers in both the United States and the European Union face as they implement programs to comply with new EU data protection regulations while continuing to meet consumers’ expectations for customer service.

The 14-page “Retail Approach to Implementing Critical Elements of the GDPR” said retailers want to find “approaches to compliance that will meet the requirements of the GDPR while ensuring that retailers can continue to provide customers with the personalization, omnichannel experiences and seamless retail operations that they expect.”

“There are still many questions about how the GDPR applies to critical areas of retail operations,” the paper said. “Retailers must find appropriate methods for GDPR compliance that further their customer relationships and do not frustrate them.”

The General Data Protection Regulation, which takes effect today, sets out changes to almost every area of customer data processing. Retailers with stores, websites, mobile apps and other digital platforms serving consumers will face new compliance standards, increased liability for violations and more stringent enforcement.

While the GDPR is European legislation that affects retailers headquartered in any EU country, it also covers companies from countries around the world that have stores in Europe, target sales to Europeans over the internet or through mobile apps and other remote commerce channels, or simply track European consumers online.

“These are European rules but they have significant implications for many U.S. retailers,” NRF President and CEO Matt Shay said. “This effort will help inform EU regulators as well as retailers on both sides of the Atlantic about an effective retail approach to compliance with critical elements of the GDPR. It is particularly important for U.S. companies that might not be fully versed in the EU’s new privacy requirements. In the world’s growing global economy, U.S.-based retailers’ consumer privacy and data security programs increasingly need to reflect worldwide obligations, not just national or state requirements.”

The paper released today was first envisioned in a 2016 NRF-EuroCommerce meeting in Brussels organized to share views on GDPR compliance among member companies, and the two associations reached agreement last year to develop the joint document. Topics covered include consumers’ right to data erasure and data portability, consent and legitimate interest as legal grounds to process customers’ personal data, data breach notification rules and customer profiling requirements.

“Protection of consumers’ data is a top priority for retailers around the world,” EuroCommerce Director-General Christian Verschueren said. “We are pleased to be working with our U.S. counterparts to ensure that Europeans and Americans alike can be confident about the protection of their data, helping our members understand these new rules, and how to deal with them.”

The paper will be shared with the data protection authorities in the 28 EU member states to make them aware of retailers’ efforts to ensure GDPR compliance while meeting consumers’ expectations to process data responsibly and seamlessly when serving them.