What has GDPR meant for data management?
As you will no doubt be aware, the new GDPR legislation came into play on 25th May 2018 after many years of planning and preparing. The build-up to this date was huge with many articles, blog posts and emails regarding the significant changes cluttering up our inboxes and feeds. But now that the date has come and gone, where does the land lie now when it comes to loyalty programmes? To recap, the key area for loyalty programmes is that you should avoid making consent a precondition of a service.
So, if your loyalty scheme allows people to collect points when they shop, which they can then redeem against future purchases, you can no longer require them to consent to marketing emails in order for them to collect these points. Of course, the big change was the collection of data in the first place, namely that if you collected customer data prior to 25 May 2018, you should have ensured that they were provided with a privacy notice meeting the requirements of the Data Protection Act at the time.
When it comes to loyalty programmes, in this post GDPR landscape you need accessible data more than ever. Forget multiple databases, vague statistics and one set of info for marketing and another for sales. One key part of GDPR was access to data and withdrawal. This does mean that controllers of data (retailers) must keep a record of how and when an individual has given consent as well as understand that they may withdraw their consent at any time. This is all with the aim of giving people more control over their personal information and how it's used. Something that many businesses didn’t know before the legislation came into practice is that GDPR ensures that people can ask to access their data in what’s known as “reasonable intervals", known as the rule of withdrawal. Under this new rule, your customers will have a right to withdraw their information from your database. You will have 1 month to comply with this request. You will need to offer the same method to withdraw that you use to gain consent. You also need to consider how to secure personal data.
Whilst GDPR leaves this decision to each individual data controller (retailer) and at present, the regulation does not go into very much detail, one solution could be to separate personal and non-personal information, creating two different sets of data. This will help to improve anonymity when using analytics tools for marketing purposes.
At Tranxactor, we are able to help import your legacy data into our Thor system and we are also able to offer full GDPR-compliant data management for Loyalty Programmes, even helping migrate your current programme. The other area is partnerships, something your loyalty programme may be based on.
In short, when you partner with other brands, you will need to check their consents too. Ensuring you have a clear strategy that has devised the right, compelling reward for customers will increase your likelihood to acquire and gain consent from your new customers.
The key point is that loyalty schemes are still relevant and incredibly powerful if you can demonstrate great data storage and genuine legitimate interest to stay in touch.
If GDPR has shown us anything at this early stage it is that customer trust cannot be bought and must be earned. Therefore, it is important for retailers to ensure utmost transparency with their customers, clearly explaining to them the benefits of a data-value exchange. Many large businesses have found preparing for GDPR to be challenging, but the good news is your loyalty programme at its core may be compliant as long as you have run an audit your database and checked your consents. Keeping good databases, at scale, is key to partnerships success; they are your gateway to creating mutual partnerships with the biggest and best brands.
Why not check in with us for advice and guidance? Tranxactor does have the platform to offer full GDPR-compliant data management for Loyalty Programmes and we can migrate existing programmes into Thor. Talk to us today.