Retailers need to move quickly to comply with GDPR regulations if they have loyalty schemes.
Under the new GDPR framework, personal data is defined as any information relating to an identifiable person who can be identified directly or indirectly by an identifier such as a name, an identification number, location data or an online identifier – all things that probably form the basis of a retailer’s loyalty programme or scheme. Coupled with ‘features’ such as online profiles/ points systems all through to the mail being sent out to loyalty participants and the printed name on a loyalty card, the message is clear – GDPR compliance shouldn’t start and end with the marketing function of a business.
It is key that retailers rapidly review their loyalty programme. Not only is this a rich source of highly personal data, it’s also something that many retailers are leaving to the last minute to consider when it comes to GDPR.
Smart retailers will be looking at technical solutions that can help them manage personal consumer data so that it is compliant and secure, without losing the rich insights they may have built up over many years, or even decades.
In fact, GDPR provides a massive opportunity to totally revamp a loyalty programme that may have become a bit jaded with a once in a moon chance to clean up legacy data and mass communicate to the database to update ‘opt-ins’ to more granular consents. Migration to a new GDPR-compliant system may indeed be easier than trying to retrofit a legacy system.
Compliance isn’t a job for the marketing team alone.
The whole organisation needs to pull together to make loyalty programmes compliant and future proof, backed by strong legal advice. When it comes to loyalty data, whilst personalised communications are going to attract attention in the media, GDPR potentially impacts on almost any consumer touchpoint including web and mobile apps, and it’s easy to forget about the rules around data storage and access that will start to come in.
Our system provides functions for consent management, contactability, anonymization, archiving, data access and deletion in accordance with GDPR guidelines. Migration to Tranxactor’s platform could save businesses a lot of time and money when considering the scale of changes for GDPR compliance which is just a few months away.
Here are our tips for retailers looking to get ahead.
1) Invest in the right systems
With big fines for non-compliance, now is not the time to scrimp on time or investment in getting this right. Whether you bring in consultants, new systems or actively get people on the ground to comb through rogue databases and loopholes that could leave you exposed, spend the money now and avoid big headaches early.
2) Understand what you hold – why, and for how long
Work with marketing to understand what data they need and what they hold. Can you really state that you need all the data you have and are you able to give evidence that you are holding it for a reasonable period of time?
3) Check your 3rd party agreements
If you work in partnership with other retailers or affiliates as part of your loyalty programme, check their GDPR policies to. As a 3rd party who will receive data from you, you need to ensure you are comfortable with how they handle data.
4) Consolidate your databases
Ideally, consolidate your databases into a ‘single source of truth’ and anonymize all others. This will make GDPR compliance much easier!
5) Turn GDPR from a threat to an opportunity!
Revamp. Re-align. Rebuild. Relaunch. Leverage GDPR into a powerful marketing opportunity.
Get in touch with your local office today – click here to access the details.