New GDPR regulations and the implications for post-purchase
The introduction of the EU Data Act, from September 12 this year, alongside reforms to the General Data Protection Regulation (GDPR), marks a turning point for retailers, explains Rory O’Connor, CEO of delivery management and post-purchase experience software company Scurri.
Far from being simply a compliance exercise, these changes present a chance to rethink how customer data is managed, particularly in the critical post-purchase phase. Delivery tracking, returns and ongoing communications all generate data that sits at the heart of customer trust. By treating regulatory change not as an obstacle but as an enabler, retailers can elevate the delivery and post-purchase experience, strengthen loyalty and unlock new growth.
Data transparency is seen as the foundation of trust. At its core, the EU Data Act seeks to create a fair and competitive data market by making data more accessible and usable, particularly from connected devices and IoT products. For retailers, this means data generated during delivery and post-purchase interactions (tracking updates, customer feedback, returns processes) must be handled clearly and accountably.
Shoppers today expect visibility, they want to know where their order is, when it will arrive and how to return it if needed. Transparent handling of this information will tick regulatory boxes but more importantly, it actively improves the customer experience. Retailers who adopt robust governance practices and provide customers with real-time, accurate updates can turn compliance into an engagement strategy. Transparency builds trust, and trust in turn builds loyalty.
Subscribe to TRBThe proposed GDPR revisions are particularly significant for small and medium-sized enterprises (SMEs). By reducing some of the record-keeping obligations and administrative requirements, regulators aim to ease the compliance burden without weakening consumer protections.
For SMEs this means more time to invest in customer-facing improvements. Freed from excessive paperwork, smaller retailers can direct resources into technologies that enhance delivery tracking, automate returns and personalise post-purchase communications. Rather than treating compliance as a drain on resources, SMEs can view it as a springboard to compete more effectively with larger rivals.
One of the most practical outcomes of GDPR reform is the introduction of updated Standard Contractual Clauses (SCCs), designed to make cross-border data transfers smoother and more secure. For retailers, this change is particularly relevant in an era when the international element of ecommerce for retailers is growing.
Customers expect a consistent experience whether they are shopping locally or across continents. By aligning delivery and post-purchase processes with these new mechanisms, retailers can expand internationally while guaranteeing that customer data is handled to EU standards. This reduces friction, removes barriers to trade and enables retailers to deliver seamless experiences that drive loyalty.
These capabilities work well for post-purchase communication which is one of the most powerful yet underused levers in retail. Customers are often more receptive to messages after they have made a purchase, provided those messages are timely, relevant and valuable. Under GDPR, such communications are permissible but only when they respect transparency, choice and consent.
Handled responsibly, this opens the door to personalised post-purchase journeys that deepen relationships. Retailers can use data to provide proactive updates, tailored offers or aftercare, all within the legal framework. Done well, these communications do not feel like marketing, they feel like service, a distinction critical in building repeat business and long-term loyalty.
The convergence of the EU Data Act and new GDPR provisions reframes compliance as more than a legal necessity. Retailers who embed regulatory principles into delivery and post-purchase operations are sending a powerful signal to customers, that their privacy, trust and experience matter.
This alignment between regulation and customer experience is not just defensive, it creates competitive advantage. Retailers that consistently demonstrate responsible use of data will strengthen brand reputation, earn deeper trust and position themselves as customer-first in a crowded market. At a time when delivery and post-purchase are often the decisive moments in customer loyalty, this differentiation matters.
Regulation can feel burdensome, but the new data landscape should be seen differently. By embracing transparency, simplifying compliance, enabling secure cross-border trade and personalising communications within safe boundaries, retailers can transform post-purchase from a cost centre into a loyalty engine.
Turning regulation into action
For retailers, the next step is to translate regulatory principles into practical improvements. The EU Data Act and GDPR reforms make it clear that data transparency, accountability, and customer trust are now integral to growth. To put this into practice, retailers should focus on three areas.
First, create transparency in delivery communications. Real-time updates, branded tracking and clear return processes not only meet compliance expectations but also enhance the customer journey. Second, align data handling with international expansion. By building post-purchase operations on frameworks like the updated Standard Contractual Clauses, retailers can expand cross-border trade without compromising security or trust. Finally, personalise responsibly. Tailored post-purchase communications, when relevant and transparent, can turn one-time buyers into loyal customers.
When it comes to data management retailers should look at all suppliers to ensure they meet the needs of new regulation. From how and where data is stored, security protocols to minimise cyber attacks, and ISO certification, proper vetting of suppliers can ensure data regulation is achieved.
These steps show that compliance is not just about avoiding penalties but about building stronger relationships and long-term loyalty. Retailers who integrate trust and transparency into the post-purchase moment will be best positioned to differentiate in an increasingly competitive landscape.
