It’s hard to imagine that almost 20 years have passed since retailers were frantically stocking Furby toys in time for Christmas and “Believe” by Cher was constantly on the radio. A lot has happened in the world since 1998, but perhaps one of the most significant events of the year was the introduction of Google. Not that we knew it back then, but the search engine has gone on to truly connect the world.
Another key event in 1998 was the Data Protection Act, introduced to control how personal information is used by organisations, businesses and the government. Since the act was passed, the gathering, storing and use of data by organisations has changed dramatically and the security around personal data is more crucial than ever.
With the primary aim of improving security around the use of EU nationals’ personal data, the General Data Protection Regulation (GDPR) is due to come into force on 25th May 2018. If you have been reading up on the regulation, then you may have seen a variety of statistics highlighting a lack of preparation among many organisations. According to sources, 9 out of 10 firms are not ready, only 5% of EU companies are prepared and approximately 52% of organisations don’t understand the impact that GDPR will have on their organisation. These are worrying statistics.
As technology has evolved it has become commonplace for organisations to gather and hold data on individuals. Retailers are now able to gather richer data about their consumers, providing them with the ability to create targeted communications and promotions. However, only 20% of UK consumers have trust and confidence in companies and organisations storing their personal information. Again, a worrying statistic for businesses.
Commitment from Cybertill
We take security very seriously and pride ourselves on being certified to the ISO standard 27001. As such, we have committed to having a product that allows our customers to be GDPR compliant by the 25th May deadline. With policies and procedures already in place, we currently make sure that standards for data confidentiality, integrity and availability are met.
Product functionality meeting the GDPR
We already have a considerable number of product features in place to help you meet GDPR legislation, including:
- User access controls to limit system access
- Ability to authorise which devices can access the system, ensuring maximum user security
- Auditable trace of user activity and visibility of who did what and when
- Unique PIN for all users when accessing the system; we even offer biometric user access (fingerprint readers)
- Control over the ability to view, create, amend and delete or export information about data subjects (such as customers or donors)
- Explicit consent permissions for marketing purposes, already in the Cybertill system
- Remove or anonymise personal customer data so customers can be “forgotten” from a system if they wish
- Any passwords that our customers’ operators or shoppers use (e.g. for on-line shopping) are already encrypted and are not visible to either Cybertill or our customers
- Single view of the customer (shopper) history and any notes associated with them, meeting the “Subject Access Request” GDPR compliance point
- Data is stored in one infrastructure via a managed service, meaning that you don’t have to worry about having to keep data up to date and securely managed across multiple platforms or systems
Future proofing our product
Continuous improvement and innovation is something we strive for here at Cybertill, which is why we are developing our product to make it easier for customers to comply with the GDPR. We are currently making it easier for our customers to anonymise data and move this data between separate systems, providing more compliance control to the retailer. Marketing “opt-in” consent will be enhanced, adding sub-choices for shoppers to opt in to when receiving communications.
In time we anticipate that the GDPR law will evolve and you can be assured we will be proactively helping our customers as it does.