Privacy and Digital Transformation: the retail relies on a Trust policy

Cybersecurity and digital trust

Posted on

Ensuring the respect of privacy in a digital world not only requires integration into every project, but integration into every company culture. This approach will also facilitate compliance with new regulations in the respective countries.

Analytical assessment of a concrete project within the mass retail sector, made possible thanks to the testimony of Armand de Vallois, Consumer goods & distribution expert from Wavestone.

This blog post is a part of a serie of articles which is itself the result of a synthesis on Privacy at the digital age published on our website. 

What changes have occured over the last few years in the mass retail sector?

Over the last decade, we have shifted from a distribution model focusing on costs and volume to a model based upon understanding our customers. Mass distribution is thus a thing of the past, as it completely overlooks the interests of the customer relationship. Nowadays, our model gathers and stores knowledge about our customers, allowing us to develop closer proximity with the customer and loyalty programs which support the frequency and consistency of their purchases.

How should organisations handle such changes?

In recent years, awareness by business stakeholders of the opportunities that come with the high potential of customer data has increased. Nevertheless, resources must be used wisely in supporting the efforts of organisations to get closer to their customers. Data must be collected, handled and reconciled against frameworks which correspond to customer expectations and regulatory requirements. For example, the “opt-in” option is a good way to ensure that customers are well informed and accept the collection and processing of their data. Increasingly, rewards are used as a means for encouraging customers to accept the disclosure of their data. However, this model has its limitations. It is essential to ensure that services are of interest to customers and contribute to the ease of their lives, as well as ensuring that individuals have agreed to provide their data.

Do you have some examples of projects which created apprehension?

The introduction of RFID chips (integrated technology which enables the identification and follow-up of objects or people) in electronic tagging is a good example. Many projects have been launched in the textile industry based on optimising production costs, inventory automation in stores and warehouses as well as the ease of chip insertion into clothes. It is crucial to have real-time knowledge of stock levels and to have reliable information in an omni-channel context, where it is increasingly common to see online purchases made ahead of in-store collections. RFID chips can also contribute to data production based on customer journeys and the actual product itself, for example calculating ratios to record the number of times a product has been tried on in a fitting rooms compared to successful purchases of that product. This type of information is essential in the context of fast fashion in the textile industry. However, such chips are also a cause for concern. For example, salesmen can “potentially” connect a customer to a product (the RFID chips use unique identifiers) and track their activity over the duration of their shop visit (the chipset remains activated).

How did you adress these concerns?

We implemented what we call “Privacy By Design”, which goes beyond strict principles regarding chip use (identification and follow-up of products, not customers) and incorporates several other principles:

  • A visible marker showing that clothes are equipped with a RFID chip
  • Training sales teams so they are better qualified to respond to customer queries, such as informing customers that chips may be removed by cutting the tags attached to a product, a service offered in stores, or declaring that the company in question will never connect a customer and a chip
  • Dedicated webpages for communicating all information required to understand the chip and the data it collects

These are some examples of best practices which are applicable to all projects involving the treatment of sensitive data. We must lead by example when handling and informing individuals about how to handle such data. It is therefore crucial to reassure customers and answer their questions so as to anticipate and alleviate their concerns.