You might have noticed your inbox inundated with updates to your favorite website and retailer privacy policies. Retailers across the globe are shifting gears and reexamining their data collection practices thanks to the new General Data Protection Regulation (GDPR) that took effect on May 25. While these new policy regulations are focused on data collection practices in the European Union (EU), they affect all companies and retailers doing business in the EU, regardless of where they’re based.
Retailers use a variety of digital technology applications to collect consumer information to better understand their customers, provide higher quality service, anticipate inventory needs, etc. Brick and mortars stores may use RFID or NFC technology to collect personal data and monitor shopping behavior while online retailers retain their shoppers’ past purchases, browsing and click history and, of course, personal data such as address and credit card information. In this day and age of data breaches and identity theft, consumers want their private information to be protected.
The new legislation builds on the EU Data Protection Directive (DPD) that was adopted in 1995. The GDPR is designed to provide greater protection to consumers by making data collection policies more transparent and intentional, placing increased accountability on data controllers and processors and giving more rights to consumers who feel their privacy has been compromised.
In the case of RFID technology, retailers were already required to provide consumers with clear information on they type of data collected and how it will be used, as well as clear labeling when RFID is in practice. The GDPR builds on these requirements, casting a broader net over geographic scope, liability, and what is considered personal data, while also instituting more individual rights and tougher sanctions on violators.
To find more about the GDPR and its implications on RFID and other technology and data collection practices, click here.