GDPR: Leading challenges online fashion retailers may face

London - The way companies process personal data across the European Union is set to change once the new General Data Protection Regulation (GDPR) comes into effect on May 25. The new legislation places a number of requirements on how businesses, such as fashion retailers, handle EU citizens personal data. But what effect will GDPR have on global fashion retailers, especially online pure-players? What are some of the biggest challenges they will face getting ready for GDPR? And how will it affect their businesses? FashionUnited takes a closer look.

One of the first and foremost issues online fashion retailers may face is finding the right people with the right skills and expertise to help them get ready for GDPR and navigate the data waters afterwards The high labour turnover linked in the fashion industry, which sees people constantly switching jobs means it may be harder for online retailers to hire the right individuals. “People are constantly moving around; many people work on a contractual or freelance basis,” says Anusha Couttigane, Senior Analyst, Fashion and Luxury Goods, at Kantar Retail to FashionUnited. “GDPR legislation will certainly increase the amount of red tape that prohibits people from being recruited to projects quickly and efficiently if they lacked the clearance or equipment required.” In addition to potentially hindering the employment of able workers, GDPR is also set to affect online fashion retailers advertising strategies.

GDPR may hinder the recruitment of freelancers and external workers

Although a number of pure-online retailers, such as Amazon, Asos and Boohoo have benefited from lax data laws which offered them the opportunity to leverage social media as a marketing tool by offering personalised shopping links, the question remains as to how quickly these retailers will be able to shift their strategies to ensure their customers remain both interested, as well as engaged, with their product offering. Under GDPR consumers will have to give their consent to continue receiving newsletters, emails and other types of targeted advertising, which means online fashion retailers will have to rethink their approach to personalised adverts.

"The average Internet user who has ever even browsed a shop online, will know the extent to which e-tailers tailor adverts that often pop up, seemingly coincidentally, on Facebook and Instagram feeds, according to what you have clicked on," explains Florence Allday, Beauty and Fashion Analyst at Euromonitor International to FashionUnited. "These will probably remain legal (at the regulators’ discretion), as they don’t exercise a 'legal effect' on the consumer. But for companies with loyalty schemes, such as Asos, Boots and Superdrug, personalised adverts which dictate what a customer’s points can be spent on will no longer be allowed."

GDPR: Online fashion retailers will have to undertake “less intrusive” forms of advertising

Therefore once GDPR comes into effect online fashion retailers will be forced to find other ways of leveraging their loyalty schemes and other types of advertising without creating a retail space in which legal consent is needed from the consumer. It can be said that the success of data-driven advertising among consumers is in part due to the fact that so many consumers are not aware of it, adds Allday. "When presented with a box on the screen asking if you want to give away your personal details, many people would say no. However, 'consent' is often built into the cookies that the average Internet user accepts without reading the terms and conditions."

The new limitations present in GDPR will ensure that online fashion retailers will need to undertake more traditional and less intrusive forms of targeted advertising. This, in turn, could see them looking to more authentic advertising forms, such as those used in physical stores. Data from Euromonitor International shows that online fashion retailers currently account for 20 percent of all apparel and footwear sales in the UK, and 15 percent across Western Europe. "But GDPR is set to drastically change this landscape of fast-fashion if key players do not address and adapt to the new, more private shopping landscape online," stresses Allday.

"Although companies will still be able to see what their customers are purchasing, there will be less scope for them to track closely their browsing habits and histories”

While leading online fashion retailers such as Asos and Farfetch, confirmed to FashionUnited that they are GDPR ready, they declined to comment on what steps they have undertaken to ensure they are compliant. However, one of the main challenges online fashion retailers are set to face with the introduction of the new GDPR is ensuring that they are compliant, particularly with data that comes from mixed sources, such as social media accounts, shopping accounts, and loyalty schemes, as it needs to be treated with the same consistency. "Fashion consumers are among the most channel agnostic shoppers and are most likely to use at least one form of social media as one of their browsing/buying pathways," says Couttigane.

According to Couttigane, some businesses are segregating data ahead of GDPR, by business unit, brand or border, which could make things complicated for retailers like Asos and Net-a-Porter, which work with fashion brands in several markets. Although compartmentalising data can help online retailers improve security, it can also limit visibility in a context where they are already challenged to create a single overview of the customer. "Furthermore, in the short term, I have no doubt that all consumers (ourselves included) will grow weary of the bombardment of circulations from companies asking for permission to maintain contact and so on," adds Couttigane.

Online fashion retailers & their suppliers needs to ensure full compliance with GDPR

Online fashion retailers not only need to ensure that they are compliant with all the new regulations under GDPR, they also need to make sure that suppliers are also compliant. “Consider that if a supplier slipped up in their handling of customer data and a larger retailer were found to be complicit in this, the fines could extend to 4 percent of that retailer’s annual global turnover or 20 million euros (whichever is higher),” stresses Couttigane. “This could be a particular pitfall for logistics suppliers or in cases where retailers have been sharing data findings with design and production companies to improve the offer.” Although the risk concerning the latter is much lower, in the case of logistics firms or IT service providers, the risk of being fined for non-compliance after May 25 is a lot higher, as they deal with data of a “highly personal nature.”

Next to being compliant with the new regulations under GDPR, online fashion retailers will also have to be quick to address consumers ‘right to be forgotten’, as they will have the right to have their personal data erased to which businesses have a month to comply. “Another key challenge will be exactly how retailers remove their consumers’ data, particularly when often information is stored on several distinct databases,” points out Allday. “For some companies, a complete redesign of internal IT systems will be required; for others, it will be a matter of whether a customer’s data is anonymised or completely deleted, and whether it will be possible to mix the two actions within one database.”

“Quite a number of retailers, as well as attending to their own preparations, are having to ensure that the partners they work with are also fully prepared for GDPR too”

However, as trends are equally driven by consumers shopping habits as well as the shifting fashion trends, if a large group of customers request that their data be erased from retailers systems, it may limit retailers data insights into what their customers are looking for next. “Data is instrumental in marketing, allowing retailers to bridge the gap between online/offline and digital/physical stores (where applicable), so retailers may struggle to maintain this without as much consumer information,” notes Allday. Without sufficient data, online fashion retailers in particular may have a hard time offering the right styles, to the right consumers at the right time. But it is not just retailers offering of trends that may be affected by GDPR - their security systems could be hit as well.

“GDPR will also expose brands whose security systems are not as sophisticated as they should be, as fashion retailers will be required to notify regulators of any data breach within 72 hours and in some case, they will be legally obliged to notify their customers too,” concludes Allday. “Before, some retailers lacked transparency, urgency and in some case, honesty, when dealing with data breaches. Forcing retailers to be transparent when it comes to security breaches will expose certain websites’ shortcomings, which challenges brand safety, reliability and credibility.”

The new regulations under GDPR will also make it clear that it is not only IT department from online fashion retailers who need to be up to date on data breaches and prevention methods. All members of the company, no matter what position they hold, as well as third-party affiliate companies, such as PR agencies, freelancers, insurance companies and recruiters, need to be up to date with GDPR.