One year of GDPR at Zalando

Stiftung Warentest tested the personal data disclosures of 21 companies. Zalando is among the top three in this analysis.

For a year now, individuals and companies in Europe have been living under new data protection rules. The General Data Protection Regulation (or DSGVO in German), which became mandatory in the European Union on May 25th, 2018, has been the subject of many discussions since. In recent months, the non-profit German consumer organization Stiftung Warentest tested several companies on how effectively they deal with the laws concerning personal data. Zalando made it into the top three. Malgorzata Steiner, Zalando’s Legal Counsel in Data & IT Law, speaks about the first year of GDPR at Zalando and the results of the Stiftung Warentest.

The past year of GDPR has been a year of change, of better data protection, but also a year in which the requirements for companies were never fully clarified. Looking back, how would you evaluate this past year for Zalando?

We have made a lot of progress this year. Data protection can only work if all departments in a company participate and make sure that the respective data is handled carefully in their day-to-day work. To this end, we are creating new central solutions that make storing and managing data easier and clearer. Since the General Data Protection Regulation was a huge topic of public debate, interest in it has increased among many employees. 

At the same time, there are still many open questions regarding the interpretation of the GDPR. We try not to let this stand in our way too much because, to be honest, many of the current legal debates on GDPR issues would not lead to an improvement in customer protection. Improvements can often be achieved through technical safeguards, better control of access to data, more transparency and control for customers.

Zalando SE Newsroom Story 1 Jahr DSGVO Margo Steiner
Malgorzata Steiner, Zalando’s Legal Counsel in Data & IT Law

In recent months, Stiftung Warentest tested how various companies dealt with the right of consumers to access their personal data. How did the testers measure success and what was their verdict?

The organization created customer accounts with 21 companies, and after briefly using their accounts, requested their personal data. Google and five providers each from the areas of social media, shopping, dating, and fitness were all asked to provide data. Among other things, the test examined how quickly the personal data was received, how it was transmitted, and whether the information it contained is clear and complete.   

Zalando's personal data disclosure is ranked among the top three. How does the result stand out from the other companies tested?

Zalando's disclosure, according to the testers, is easy to read, contains comprehensive information about the user’s data, and explains the data-processing procedures - for example, the purpose for which the personal data is collected.

We want to fully automate the process so that personal data can be provided with a single mouse click.

Malgorzata Steiner, Zalando’s Legal Counsel in Data & IT Law

The personal data requirements are widely disputed, and there are already a number of official procedures underway that will help clarify the requirements. What could this change?

The scope of the personal data claim under the GDPR is not entirely clear. Some interpret the article as a tool to help consumers get an overview. The others assume that any data personal data request should include a copy of the existing data. This raises the question of how to make a copy of data from databases easy to read. Such information, if requested now, would only be readable by professionals and IT specialists, but not by normal users who want to gain an overview of the data and data-processing procedures.

Why we need customer data

At Zalando, we need customer data to process orders. Digital companies like Zalando rely on the analysis of a wide variety of data to constantly improve the quality of their services and react flexibly to new needs. For example:

Search functions and personalized shopping: In order for customers to be enthusiastic about our online shop, we have to offer them added value within the framework of customer experience. Personalized recommendations, which are automated learning systems for detailed data collection based on artificial intelligence, are a good example. This way, we can use personal data and evaluate it to meet today's customer’s expectations and offer them an ideal shopping experience.

Algorithm-driven predictions: Data on orders, combined with data analytics, also play an important role in logistics management so that we can understand and predict where demand is and where it will be growing. This enables Zalando to economically and ecologically optimize warehouse and delivery capacity and ensure that the right customer gets the right package delivered to the right address.   

Anti-fraud: Zalando uses AI-based technologies to detect fraud patterns and new attack vectors in time and to protect honest customers from account takeovers. Using data within the ongoing payment process, these technologies can also detect new fraud patterns before they take hold and cause damage.

To what extent and in which areas are we continuing to work on improvements?

We want to fully automate the process so that personal data can be provided with a single mouse click. We are also working on making the information even more attractive and more detailed without being overwhelming. Our goal is to make it immediately clear to every customer what data we store and how it contributes to the quality of our services. We are working hard so that soon every customer will be able to see an overview tailored to his own needs directly in his customer account.

What will another year of GDPR bring us?

At Zalando we will focus on giving customers more control over their data and even more transparency concerning the use of it. As the digital world is complex, the task of "creating more transparency" and offering more choice to customers is also complex, but we have a dedicated team that is committed to the task.

And what do companies like Zalando hope for?

In the public debate, we would like to see more focus on data protection measures that actually increase protection while enabling innovation. In Europe, we cannot limit ourselves to trying to reclaim a past where very little data was processed and services online were neither personalized nor attractive. Rather, we should help shape digital progress, looking for ways to be innovative, to better meet customer expectations and, at the same time, to offer a good level of data protection. For Zalando, the effective use of data is a prerequisite for being able to provide our customers with the services they want and expect from us, and for us as a company to use our resources efficiently and in an environmentally-friendly manner.

Why is data collection and protection an important issue in Europe?

For Europe as a whole, the effective use of data means an opportunity to tackle key societal challenges such as health care in an ageing society, dealing with the consequences of climate change, and planning growing cities. I think as Europeans we should all hope that data availability and the effective use of it are perceived as an opportunity and not as a threat.

Related Content