Will European Customers Trust You With Their Data?
There has been much talk the past six months or so around the striking down of the existing Safe Harbor transatlantic data-transfer agreement. And while an agreement was ultimately reached—known as the EU-U.S. Privacy Shield—there are still hurdles to overcome before everything is finalized.
There may also be confusion around how this new agreement relates to other shifts in customer data privacy and security recently announced across the pond. What are these shifts? The rules and regulations regarding how merchants and retailers capture, store, share, and process customer (and staff) data are changing in Europe. These will apply to all European Union (EU) member states without a need for local legislation. At the start of this year the European Commission unveiled a draft of its European Data Protection Regulation, which is anticipated to take the place of its previous Data Protection Directive. The purpose of the change is to align and update data protection across the EU. One continent, one law. This impacts not only businesses within the EU, but also businesses that target goods or services at EU consumers.
The Regulation is anticipated to be implemented and enforceable by 2018. At that point, all businesses will have to be ready for key changes to how personal data is collected, stored, and processed; there will also be changes to how data breaches are reported. The consequences of non-compliance will increase greatly as well. The current draft outlines that fines could be as significant as 4 percent of global annual turnover. This alone is enough of an incentive for merchants and retailers to sit up and pay attention.
Perhaps you are thinking this doesn't apply to retailers and service providers in the U.S., particularly with the new framework. However, I'd be cautious with that assumption. As stated, businesses that target goods or services at EU consumers will be expected to comply.
One thing is certain—the rules and regulations around all of this are a bit unclear at the present time, to say the least. Regardless of how this all shakes out, there is a high level of mistrust among European consumers when it comes to U.S. businesses protecting their data.
My take on the situation: Whatever the ultimate outcome of these new and forthcoming data security requirements, they actually offer a great opportunity for U.S. merchants. By complying with European standards, you are demonstrating to European prospects and customers that you are a trustworthy business and that you will protect their data. It may all seem overwhelming, but if you work with service providers with data centers in your target European markets, they will have the local knowledge and resources required to help your company be compliant. The investment is fairly small, at least from a customer payments point of view, and in fact is likely less costly than transferring customer data back to the U.S.
Your brand name can be easily ruined in Europe if there is a data breach in the market. It is very hard to regain trust, especially when trust is already low among European consumers, who are sensitive to the protection of their personal data given the revelations from the Edward Snowden leak about big providers that let the U.S. government tap into their data. It can take a long time to earn a positive reputation and very little time to lose it.
There are many Europeans who feel that even with the new EU-U.S. framework, promises are bound to be broken. If a breach should happen, the public outcry in Europe will be substantial. Those merchants that comply with EU law will have a significant advantage.
If you are a retailer seeking to extend your global reach and/or retain your position in Europe, I recommend you take these new rules seriously and move toward adoption now. The regulations present a good opportunity to demonstrate your commitment to European consumers and to protecting their privacy. If you don't, your competitors may beat you to the punch, and you could risk losing market share moving forward as a result.
Andre Malinowski is head of international business at Computop. He is responsible for driving and growing Computop's international business in the U.S., U.K., and China. His area of expertise lies in payment services, in particular international credit cards, local debit cards, and alternative payment methods available around the globe. In October 2015 he joined Computop from ModusLink, where he was the global director for ModusLink's financial management solution.