GDPR @Zalando

In 2016, the European Parliament adopted the General Data Protection Regulation (GDPR), a regulation within EU law intended to offer individuals more control over how their personal data is used.

In order to better understand how the regulation affects e-commerce in general, Zalando and our customers, we spoke to Jan Wittrodt, Senior Lead Data and IT Law, who is responsible for all matters of IT law, including data privacy, data marketing, artificial intelligence and machine learning, as well as the digitization of Zalando’s legal department.

How does Zalando meet the requirements of the GDPR?

As one of the leading platform businesses in Europe, Zalando is familiar working with strict regulations (especially compared to US and Chinese markets) and is used to navigating the challenges involved. We are proud to call Europe our home, and we operate within the framework set by EU law and EU regulations. Zalando approaches the GDPR as we do any other new regulation or legislation. Our interdisciplinary teams of lawyers, and technology, product, and design experts worked on the implementation of the GDPR to make sure that Zalando complies with the requirements that took effect May 25th. Furthermore, we are in continuous talks with other digital companies and experts to exchange thoughts and knowledge concerning the interpretation of the GDPR.

Jan Wittrodt Senior Lead Data and IT Law
Jan Wittrodt, Zalando Senior Lead Data & IT Law 

How does the implementation of the GDPR affect Zalando’s customers?

For us, customers and their needs come first. Data security and data protection, therefore, were important topics to us since before the implementation of the GDPR. Over 23 million active customers trust us with their personal data and we’re aware of how crucial it is to justify that trust. Since its founding as a German company, Zalando has operated under strict German data protection laws. We believe it is our job to handle this data responsibly and protect it from unauthorized access. With this in mind, we set ourselves high standards to keep the risk of data security breaches to a minimum prior to the implementation of the GDPR. These same principles are also crucial when implementing the GDPR. According to the higher requirements of the GDPR, Zalando increased its documentation, reporting, and the security of its processes even further. Moreover, with effect from May 25th, our customers benefit from an even more detailed data protection declaration, which will outline how Zalando processes its customer data. The regulation is all about putting control into the hands of the individual, and we’re committed to honoring that.

What kind of data does Zalando collect?

We gather two different kinds of data about our customers: “Process data” (content and transactional data like name, address, payment details, etc.), and “clickstream/tracking data”  (follows the customer’s journey online; on and outside of Zalando premises). Process data is used to perform the contract when a customer submits an order. Clickstream data is used for three functions: personalization, AI and machine learning, and marketing. All data is either pseudonymized or aggregated to ensure customer privacy. Offering a personalized shopping experience has always been important to Zalando. Personalization is reflected in the experience our customers have when they shop with us, our assortment, as well as our payment and delivery methods. By committing a team of 600 Zalando employees, comprised mostly of software and data engineers, to developing a multitude of products, we will bring personalization to the next level in our store. Tech is shaping fashion, and over the next 12 to 18 months, our customers will begin to enjoy new developments across every part of the customer journey. To reach our goal of providing 23 million Zalando stores to our more than 23 million active customers, we are leveraging AI and machine learning solutions. 


Related Content