A new study released this week has found that a staggering number of UK retailers do not meet customer privacy standards.
New research carried out by Compuware has found that 77 per cent of retailers don’t know how they will respond to the new EU General Data Protection Regulation (GDPR).
Despite Brexit, UK companies must meet these standards in order to trade with the EU, as must the US.
The study has found that 71 per cent of retailers surveyed do not always know where their customer data is, while 24 per cent couldn’t ensure they’d find it at all.
Only 16 per cent of retailers ask for consent before using customer data, and over two thirds said they’d find it hard to comply if a customer asked to exercise their “right to be forgotten”.
Over half of these cannot guarantee data will be de-personalised, putting customer data at risk.
This is attributed to more complex IT systems and many retailers being unaware of the recent changes to the regulation, or that they have to comply at all, with under half being briefed about the GDPR.
“To comply with the GDPR, retailers need to keep stricter control of where customer data resides,” Compuware technical director Elizabeth Maxwell said.
“If they don’t have a firm handle on where every copy of customer data resides across all their systems, retailers could lose countless man-hours conducting manual searches for the data of those exercising their ‘right to be forgotten’.
“Even then, they may not identify every copy, leaving them at risk of non-compliance.”