With less than four months to go until it becomes UK law, I’m sure many retailers feel they’ve heard more than enough about GDPR.

Spoiler alert – I’m about to tell you otherwise.

That’s because the GDPR conversation has been dominated by concerns about how customer data is used and how retailers can ensure their external marketing efforts stay within the new rules.

There has been far less discussion among retailers about the risk posed by the way their staff are currently communicating between themselves.

We recently conducted research that suggests the majority of retailers need to start having this conversation sooner rather than later.

“The regulation puts the onus on companies to prove that they know where their data is stored, and when and how it’s being used”

When we spoke to store managers at 75 of the Retail Week top 100 retailers about their communication preferences, over half of respondents said that some kind of consumer messaging app is the main way they keep in touch with their teams.

Around 40% rely on WhatsApp, making it the most popular channel by some distance.

It’s not hard to understand why – with a group chat you can quickly and simply share information and see who’s read your messages and when they’re replying – all from a device you keep with you at all times. On paper, it could be considered ideal for the fast-paced world of retail.

But after a while of using WhatsApp or its equivalents, a number of key drawbacks have become evident, to the extent that these apps have been nicknamed “shadow communications” by internal communications experts.

Difficulties ahead

Chief among these is that for head offices, it is very difficult to effectively monitor their use, and from a GDPR perspective, this could prove extremely costly.

The regulation puts the onus on companies to prove that they know where their data is stored, and when and how it’s being used.

Given that current evidence suggests employees are responsible for more data breaches than any single other source, it is almost impossible for an organisation that has staff using shadow communications to meet this obligation.

As well as the potential for long lasting reputational damage (TalkTalk lost 100,000 customers after its high profile hack), the Information Commissioner will be able to issue fines as high as 4% of worldwide turnover for the worst offenders.

This alone should be enough motivation for those who aren’t already reviewing their internal communications policies to get an action plan in place.

However, there is a carrot to go along with the GDPR-shaped stick.

“It is almost impossible for an organisation that has staff using shadow communications to meet this obligation”

Forward-thinking retailers who have already moved on to in-house alternatives (accounting for about one in 10 of our survey respondents) have realised that having a company-wide mobile communications platform can be good for everyone involved.

Staff feel more valued and engaged, leaders can stay connected to the shopfloor, problems can be fixed more quickly and new ideas can come from any level and any location. All of which lead to a better customer experience.

A work in progress

And the good news is there is still lots of room for improvement as the bespoke services learn what works for their early adopters and continue to develop their technology to suit the specific needs of retail workforces.

The growing market now spans household names like Facebook (Workplace) and Microsoft (Yammer) through to newer startups such as Stride and Yapster.

What unites us is a belief that creating a culture of success starts by enabling genuine two-way conversation throughout the organisation.

While this might require a big cultural and technological shift, we’re confident that GDPR’s legacy can be a quiet revolution in the way staff interact that will make a career in retail even more rewarding.

Rob Liddiard is co-founder and chief executive of Yapster