Data form the basis of loyalty programmes. You can’t do much without name and address data, transaction history and demographic characteristics of members. The new General Data Protection Regulation (GDPR) has a substantial impact on loyalty marketing. What are the dangers and how can you ensure that you can continue to use customer data?
GDPR is a regulation in EU law on data protection and privacy. It is introduced in order to give consumers control over their own data. Retailers are highly affected by it, for businesses rely strongly on customer data for their sales. Data collected throughout the customer relationship in order to provide better service to customers, often done so by using loyalty programmes.
The five most important rules from the regulation that have an impact on loyalty marketers are the following:
- Definition of Personal Data – GDPR states that an individual can be identified by an online identifier, or through geo location. This type of information thus falls within the legislation’s ambit.
- Opt-in – The way in which you ask consent from your customers to receive manifestations of marketing communication must be in a GDPR compliant way. This applies to both new and existing customers.
- Partners – customers also need to give their consent when you receive data from, or share data with, other businesses or brands. This won’t be an issue with the HEMA loyalty cards, for that data is unlikely to be shared with other businesses anyway. However, Air-France-KLM’s loyalty programme Flying Blue is founded on different parties working together to earn and spend miles and thus on exchanging data. They will have to make an effort to come up with a form of collaboration that is in compliance with GDPR.
- Communication – You need to be clear about what consent entails, the purposes data will be used for, and how long it is being retained. This information cannot be hidden within a long set of terms and conditions, as was the case with the cookie law.
- Right of access, editing and erasure – customers have the right to access personal data and information, to edit it and to erase it from the data base. When this request is in accordance with GDPR legislation, you need to comply with this within four weeks.
Your first step as a loyalty marketer is to check and map out your data base. According to the British retail management consultant Mark Beresford, the best way to do this is to create a data map based on the information obtained from the answers to the following three questions:
- Who in your ecosystem can connect with your data and which personal data is used with which providers and partners?
- Which personal data attributes and identifiers by other providers/partners/processors do you receive?
- What personal data do you hold within your systems and what do you pass on to third parties?
All of this will allow you to visualise the risks in the data management of your business and to see what remains to be done. However, it is mostly aimed at compliance, even though GDPR can fundamentally change the relationship between customers and brands. Consider for example web shops where you can log in via a third party, for example with your Facebook, LinkedIn or Google Plus account. When GDPR is in effect, these third parties, with customers’ consent, are able to demand that the original data sources are erased. That way, the retailer can no longer get to know the consumer, and purchasing with a Facebook account log in becomes the equivalent of paying cash in a store. The retailer no longer has the customer’s personal data.
The website MyCustomer argues that those who see the GDPR purely as a compliance matter are missing an opportunity. Their advice: agree where you will aim to achieve minimal viable compliance and where you can use the regulations to improve the customer relationship, so that he is willing to give his consent for using his personal data. It goes without saying that you need to be transparent about the purposes data is used for. Next, determine in which way you will ask consent (for the first time or again) in the same way you would develop new products or services: find out what customers think about how you use their data and test which design works best. This might mean you need to change the lay-out of your loyalty programme, simply because customers aren’t willing to hand over the required data.
The business community was already aware of the fact that data is worth money, but with the new regulation, consumers will also realise that their personal data are in fact a new currency. Perhaps this will lead to loyalty no longer being measured in the amount of purchases or the engagement on social media, but in the willingness of sharing data – the ones who disclose the most, get the highest status and/or the most benefits in the programme.