Retail isn’t ready
A Compuware study of late 2016 revealed that as many as 77% of retailers in major EU markets don’t yet know how they’ll respond to GDPR.
Only 47% said they were well briefed on the subject and the impact it will have on their collection and use of customer data.
The era of ‘indiscriminate collection’ is over
Permission requirements now mean that you must be much more discerning and strategic about how and when you gather customer data. It also means you must be much more careful about where data is stored.
PII (‘Personally Identifiable Information’) on your customers as defined by GDPR can now include almost anything that can be directly linked to a name [1].
This poses a particular challenge in a sector where around 84% of companies do not currently obtain consent before using customer data [2], and where 66% feel they would not be able to comply with provisions like the right to be forgotten [3].
As we’ve stated already, some major vendors like Microsoft are already making it easier to ensure compliance on the second point. The responsibility, however, is still yours.
You need to be ready to tighten up the online side of your business
Your online arm collects more customer data than any other – including their most sensitive private and financial information.
This information is always regarded as high risk, so breaches here could signal the deathblow for your business.
Since many retailers (53%) have cited the difficulty of keeping up with digital change as a major challenge to GDPR compliance [4], this will be a key area for development.
With that in mind, you’ll need a secure internet gateway solution to guard against the most common entry points for attack. You’ll also need a robust password management program with ample security training for all your people.
Your loyalty programmes need to change. A lot.
Most programmes are based on customer data collection and utilisation. And that means you’ll now need to be explicit on how you’re using that data, who has access, what protects it, and where it’s stored.
You’ll also need to accept that customers can choose to take that data back from you or demand that it be transferred elsewhere. That means the apps you use and develop must be fully compliant.
If they aren’t, you won’t be able to account for every copy of a customer’s data, and if you retain anything after receiving a deletion order, you’ll face a fine.
External sources
Thank you to all of the external sources below for helping to put this research together.