New research has revealed that many retailers are unprepared for the recently agreed EU General Data Protection Regulation (GDPR)
According to the research from Compuware, 77% of retailers don't yet have a comprehensive plan in place for how they will respond to GDPR’s impact and less than half (47%) of retailers are well briefed on the regulation and how it will impact on how customer data should be handled.
And across the pond there's a problem also as 32% of US retailers hold European customer data, meaning they too will need to comply with the new regulations despite just 43% of US respondents claiming to be well briefed on the GDPR and its impact.
The research also indicates that retailers are struggling to control their data, which will make it difficult to comply with the 'Right to be Forgotten' mandate laid out in the GDPR.
A huge 71% of respondents said the complexity of modern IT services means they can't always know where customer data is while less than two-in-five (38%) CIOs can locate all of an individual's personal data quickly and nearly a quarter (23%) admitted they could not guarantee they would be able to do so at all.
Respondents also said that the use of outsourcers (81%) and mobile technology (66%) is making it even harder to keep track of where customer data resides.
"To comply with the GDPR, retailers need to keep stricter control of where customer data resides," said Dr Elizabeth Maxwell, technical director, EMEA, Compuware. "If they don't have a firm handle on where every copy of customer data resides across all their systems, retailers could lose countless man-hours conducting manual searches for the data of those exercising their 'Right to be Forgotten.' Even then, they may not identify every copy, leaving them at risk of non-compliance."
The Compuware survey was administered to 79 CIOs at large retail, distribution or transportation companies in France, Germany, Italy, Spain, the UK and the US.