How to ensure secure data management across online sales channels

E-commerce has become almost central to any business, irrespective of whether they are B2B or B2C orientated. Overall, online sales are forecast to grow to a quarter of total global sales by 2025.*

E-commerce marketplaces provide ample opportunities to tap into expanding customer demand. Market dominators, such as Amazon, grant Business-to-Consumer (B2C) brands significant visibility across online audiences. The same online visibility would be difficult to reach via an independent online presence.

Regarding Business-to-Business (B2B), suppliers are expanding their e-commerce ability with industry-relevant online sales channels, such as Procure-to-Pay marketplaces.

However, whether these businesses ensure secure data management across their e-commerce channels is another matter. This blog describes the essential steps for data compliance and database security, applicable to the entire supply chain network.

The accelerated increase in digital interactions and online sales in recent years has only highlighted the imperative need for robust data security and strict regulation.

The UK Government Department for Science, Innovation & Technology (DSIT) estimated that there were 2.39 million instances of cybercrime in the previous 12 months alone.***

Retail business is a target for cybercrime and data breaches due to the nature of the information that they hold and process as part of the order fulfilment cycle, which is typically financial and personal (e.g. Personal Identifiable Information – PII).

Data security has been the subject of government legislation in recent years. Most notably General Data Protection Regulation (GDPR) under the Data Protection Act. This was ratified in the UK in 2018 and is guided by 7 principles:

D2C businesses need to prioritise conducting a secure data management audit. This can be approached in two stages:

To reassure our clients as their sub-processor that we are following cybersecurity best practices, we comply with Information Security Management ISO20071 and hold Cyber Essentials certification. We can also comply with requirements to host data within the jurisdiction(s) applicable to our clients, avoiding the complexities of legislation regarding the ‘safe-harbour’ of data.

For many, a central challenge of managing Direct-to-Consumer (D2C) online sales is maintaining an efficient order cycle alongside other sales channels.

Keeping control of costs, supporting scalability, and expanding market reach must be priorities as online purchases grow. Utilising online marketplaces to facilitate this growth is a strategy many brands adopt across various business verticals.

But how to ensure efficiency when managing these new sales channels? Market insight providers such as McKinsey and Gartner have stressed the need for businesses to invest in the supply chain and the automation of processing to stay ahead of the game:

Businesses are already facing significant challenges associated with managing the order cycle from online marketplaces. Without automation of communication between marketplaces and business systems, there can be complicated manual processes to route necessary data across the supply chain so orders received can be fulfilled. It can also cause significant bottlenecks for businesses that have high order volumes. Therefore, many businesses are leaning on third-party service providers to automate processing and provide an efficient order cycle.

However, marketplaces are scrutinising sellers and their third-party service providers regarding secure data management and data loss prevention. So, on top of the legal requirements mentioned in the previous section, online marketplaces are introducing terms and conditions with strict limitations on PII data. Top marketplaces are clamping down on the sharing of PII data with third parties unless they are properly vetted. Therefore, businesses face a greater dilemma if they rely on data sub-processors (e.g. 3PL, EDI providers or integrators) to deliver efficiency and automation.

This is particularly true for those using Amazon Seller Central as a D2C channel. For Seller Central account holders, particularly those with Direct Fulfillment accounts, Amazon will only share PII data with endpoints that they have approved and can trust. Whilst Amazon’s policy is considerate of data security, it can be restricting and generally results in PII data only being sent directly to the seller rather than the parties involved in the order fulfilment process (e.g. 3PL). To avoid this bureaucratic headache, businesses utilising the marketplace need to ensure they and all their sub-processors are compliant with the necessary security and data protection protocols. As it stands, Amazon will not permit PII data to be routed to third-party providers unless they have achieved trusted Amazon Selling Partner status.

For example, businesses can consolidate all order information from their various sales channels, including Amazon, automatically into their Enterprise Resource Planning (ERP) system. We can also offer this secure data integration service for many other online marketplaces, such as the ones included in this blog. B2B suppliers and manufacturers can also capitalise on the advantages of utilising marketplaces. Many Procure-to-Pay platforms actually offer this functionality to enable the full automation of the procurement process. We have a number of resources on this topic, including a whitepaper that provides a detailed client success story.