As more time passes, it’s become evidently clear that the COVID-19 pandemic has affected every industry. Most notably, it’s caused retail companies to change every aspect of business — from how they market to consumers to ramping up their e-Commerce business amid store closures. As retailers start planning for the months ahead and how to deal with business impact, one thing that’s certain is that they will continue to rely heavily on data and its global flow, using global-scale data infrastructure such as cloud computing to maintain operations in multiple countries.
This global connectivity has enabled cross-border economic activity, and in turn, has allowed established retail players and new startups to focus on direct-to-consumer (DTC) models to enter new markets. But as retailers continue to expand globally and enter new markets, there are new sets of data requirements that they have to adhere to, in order to properly handle and store data while staying compliant with data regulations. Now more than ever, it’s vital for marketers to reach their targeted audience while keeping up with complex data protection laws.
In this piece, we’ll touch on the challenges retailers face when handling customer data, especially as they expand business globally, and how they can keep up with various government regulations on cross-border data flow.
Consumer Concern About Data Protection
Retailers are already making extensive use of digital identities. Brands create personalized experiences by using data sets derived from loyalty programs and their ability to track transactions, location data used from customer’s phones, or even one’s simple Google search of an item — or more commonly, asking Alexa about a specific product. These targeted marketing campaigns and virtual shopping walls all collect personal data.
Yet consumers aren’t comfortable with how much of their data companies have access to. A recent survey conducted by Deloitte found that the vast majority — 86% — of consumers believe they should be able to opt out of the sale of their data. Consumers often worry about how their data is handled and if it’s properly protected. And often, their concerns are valid. A study conducted by Stanford business school professors Charles Jones and Christopher Tonetti found that when companies own consumer data, they hoard it and fail to respect privacy.
As such, governments are increasing data regulations because their constituents are oftentimes calling on them to do so. Brands need data to provide personalized experiences for customers, but how should the data be handled, and how much control should companies have over the data? How can retailers operate globally while ensuring their customers’ data isn’t compromised? How can they partner and rely on SaaS providers that adhere to data residency regulations?
Ultimately, we need to find a balance. Consumers need a guarantee that their data is being safely protected. In tandem, marketers need to have access to data so that they can create the right marketing campaigns and sell to consumers across borders, while always ensuring global data compliance.
Increasing Government Regulations
While the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict that data flow.
Today, more than 107 countries around the world have data protection laws in place. For example, China’s Cybersecurity law requires all personal data collected from users to be stored within the country’s storage borders. That means that if you’re shipping a product from China, but the buyer is in the U.S., you need to adhere to both China and U.S. data laws. Australia has its own, the Australian Privacy Principles law, which requires businesses to comply with their own storage, collection and data processing guidelines. So if an Australian was buying a product from the US that’s made and shipped in China, there are now three separate country regulations that the company needs to adhere to.
In tandem, there has been a new wave of retail SaaS providers that have emerged. This includes Point-of-Sale (POS) systems, inventory management, CRM platforms and more. These systems are collecting consumer data, and due to an increasing level of government regulations, retail SaaS providers are struggling to help customers conduct business overseas where these mandates exist.
For luxury brands, these laws have caused a tipping point in their business model. Luxury is built on offering a knowledgeable, tailored and seamless service — niche products and services that set them apart from other brands. Through digital strategies, luxury companies are using data to derive customer insights and understand trends and developments.
The multitude of these regulations has forced this personalized experience to be more transparent. And if they’re not, it could lead to millions in fines, or worse, being banned from conducting business in certain countries entirely.
Expanding Global Business While Meeting Regulations
In today’s age, brands have no choice but to keep up with global data regulations. They must also ensure that their SaaS providers are also keeping up with verticalized regulations. If a transaction is coming from the APAC region, for example, but is shipping to London, is it meeting both of their payment data requirements? In short, it can be a never-ending cycle.
But as new regulations surge, so do new solutions that allow retailers to focus on expanding business and delivering a seamless experience for customers, instead of spending internal resources to meet compliance standards. Brands can now consider new cloud-based offerings, such as data residency-as-a-service services, to help store and process various data assets within many different countries. Retail SaaS providers can also integrate such capabilities into their offerings to ease customer adoption and win market share.
These cloud-based platforms help companies ensure that they are compliant with local data regulations. For example, if they’re shipping a product from the UK to the U.S., they’ll ensure that your transaction data is compliant from point A to point B. This reduces the need for brands to do it in-house, when many times they don’t have the internal resources or manpower to be able to handle dozens of regulations that vary country by country. And in turn, they avoid hefty fines or expulsion from countries entirely by meeting global compliance standards.
Ultimately, these solutions offer customers shortened time to compliance, improved data protection and enable accurate localization for the data that matters — and where it matters.
In return, this ensures brands are complying with data residency regulations and have the ability to expand into new countries and gain more customers.
So, retailers, the main question is: Are you confident you’re compliant with data regulations in the countries you operate in? And for consumers, it’s important to ensure you’re spending your money with brands that are. (P.S. privacy policies are a great place to start!)
Peter Yared is the Founder and CEO of InCountry, a regulatory technology company that is providing data residency-as-a-service worldwide. He has founded six enterprise software companies prior to InCountry that were acquired by Sun, Oracle, Citrix, VMware, Sprinklr and Prograph. Previously, Yared was the CTO/CIO of CBS Interactive, where he was responsible for bringing CBS into the cloud.