EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Irish retailers face a data dilemma: shoppers want personalisation but demand privacy. Trust and cyber resilience are now critical.
In brief
- Irish retailers face a data dilemma: consumers want personalisation but demand privacy, making trust and cyber resilience critical for growth.
- Fragmented data, weak vendor oversight, and unclear policies hinder progress; regular tech reviews and transparent practices are essential fixes.
The shopping experience has evolved. From yesterday’s printed brochures to today’s predictive AI, shopping behaviours have advanced, and customer expectations have increased significantly. In 2025 consumers expect tailored experiences, fast service, a smooth checkout and continuity across retail omni-channels. They also demand privacy and security if they are to trust their preferred brands.
But trust has limits. After years of data breaches and unclear policies, many consumers are opting out of sharing personal information. EY Ireland data shows only 31% of Irish consumers are comfortable sharing publicly attributed data with consumer-facing businesses.
Retailers are expected to personalise from a consumer perspective, but the data they need to do so, is getting even harder to access. Customer trust depends on systems that demonstrate privacy is being taken seriously. Security also matters for broader risks, including cybercrime - one of many reasons people are reluctant to share their details.
Undertaking regular technology reviews is fast becoming essential for retailers to assess their readiness to meet consumer expectations for personalisation. These reviews help clarify if systems will be able to support a hyper-personalised approach, whether AI pilots can be introduced to improve efficiency and effectiveness, and if data environments are equipped to respond to emerging cyber threats. Undertaking a review becomes part of a broader business effort to build capability across customer experience, operational performance, and digital resilience.
But, right now, most retailers aren’t ready when it comes to customer reassurances and cyber defence. Challenges include:
1. Disconnected customer data and the cost of confusion
Retailers gather data from apps, websites, loyalty programmes, promotions, and instore systems. But customer insights often sit in silos, are misaligned or incomplete. A one-time browser isn’t the same as a weekly shopper, yet without clear profiles, retailers struggle to tell the difference. Messaging loses relevance and product suggestions feel random. And when consumer recognition is missing, trust fades fast. EY’s retail survey shows what can help consumers: 66% of Irish consumers trust tailored offers. Wish list alerts (69% interest) and saved carts also improve the experience.
The Business Solution? Build smarter data systems to decode your customer preferences. Use in-house know-how or external support to set up clean, consistent processes. With reliable profiles in place, marketing becomes sharper, faster, and more relevant
2. Data rules not working
Many companies are still catching up with privacy laws. Internal policies are often fuzzy, ownership is split between teams, and compliance is often treated as a tick box. Retailers in Ireland take GDPR seriously, but compliance often sits outside broader strategy.
The Business Solution?: Data policies benefit from clarity and consistency across teams. In some cases, external expertise helps shape practices that reflect current regulations. When compliance is part of how things are done day to day, it supports trust and creates space for creating better customer experiences.
Data owned by consumer facing organisations comes with responsibility. Privacy laws are getting tighter, and regulators are increasingly watchful. In Ireland, if data practises aren’t clear and respectful it’s both a legal risk and a reputational one.
3. Vendors are a weak link
Retailers can depend on a long list of third parties; payment processors, shipping platforms, email tools and a myriad more depending on the nature of the business. Each one adds a layer of risk. If vendors aren’t properly vetted and monitored, they become open doors for cyberattacks. In EY’s recent Cyber Index, 68% of respondents say that protecting against supply chain and third-party cyberattacks is a top priority for their business.
The Solution?: Thoroughly vet and monitor third party vendors. Implement rigorous vendor management best practices to reduce risks associated with third-party relationships.
4. Many companies are flying blind on cyber
Cyber threats keep changing and are rarely predictable. Retailers have seen incidents expose weak spots such as slow detection, scattered response, unclear recovery plans. Breaches often surface late and pull in teams that haven’t worked through a shared approach. This is now a leadership issue. It calls for solid systems, dependable vendors, and regular drills. After recent events, the question is clear: can the business keep going when disruption hits?
The Business Solution?: Enhance your cybersecurity measures and take a proactive approach. Recognise the importance of security and have established plans to address potential breaches quickly. Access to advanced cybersecurity frameworks can aid in development of comprehensive strategies for identifying and resolving threats.
5. Shoppers don’t always understand how their data is being used
Data breaches significantly erode trust, and cautious consumers hold back. When customers stop sharing data, personalisation stalls. Shoppers will still share, but only if the value is clear to them and security is solid.
Trust is the cornerstone of the retailer/customer relationship. When data breaches happen, they shatter this trust. Retailers need to demonstrate absolute transparency about how they both use and safeguard their customer details. When shoppers feel their data is in good hands, they’ll share it.’
Cillian Leonowicz
EY Ireland Partner and Head of Strategy & Architecture, Technology Transformation
The Solution?: Cleaning up internal systems, being honest about data use, and tightening up every link in the chain from suppliers to software. Being open about how customer data is used and showing that it is safe can help build customer confidence and loyalty.
In a world of personalisation, shoppers simply expect to be recognised and benefit from a tailored customer centric experience. Brands who succeed in delivering this personalised approach, meeting their customer needs across the omni-channel, have the greatest opportunity to drive customer profitability and differentiation.
In conclusion,
Retailers are investing in data however customer returns are dependent on trust. Shoppers expect tailored experiences, but after years of breaches and vague privacy terms, new and improved systems need to be secure, clear, and designed around the customer.
The retail cracks are clear with fragmented customer data, weak oversight and reactive cyber strategies. Fortunately, the fixes are equally clear. Start with practical steps to rebuild trust. Strengthen operations by focusing on cyber resilience. Schedule regular technology reviews and define a data strategy that puts the customer at the centre and supports growth.
Summary
Retailers face a data dilemma. Consumers expect hyper-personalised experiences but hesitate to share personal details after years of breaches and unclear policies. Only 31% of Irish shoppers trust businesses with public data. Retailers must strengthen privacy, cybersecurity, and vendor oversight while integrating fragmented data systems. Regular tech reviews and transparent practices are essential to rebuild trust and deliver secure, customer-centric personalisation.