Liquid Barcodes


What Must Convenience Retailers Do to Ensure their Customer Program is GDPR Compliant

Mads Moerk, CFO Liquid Barcodes


This article was originally published in Global Convenience Store Focus.

The EU’s new General Data Protection Regulation (GDPR) legislation on data protection and privacy comes into force in less than 7 months in May 2018 and has a wide range of consequences for all retailers, especially concerning the customer data they collect. In this special feature, as Liquid Barcodes CFO & DPO Mads Mørk explains, retailers collecting data will be ‘data controllers’ under GDPR. And this means increased responsibilities for our industry.

By Mads Mørk, CFO & DPO, Liquid Barcodes

What must convenience retailers do to ensure their customer program is GDPR compliant? If you are a CEO, there are 9 questions on GDPR you should ask your marketing, legal, and IT team.

What personal data do we possess?

Getting an overview of what personal data is in your possession is probably the best place to start your work on GDPR compliance. In GDPR terminology, personal data is defined as any information relating to an identified or identifiable natural person. This is a broad definition. Hence, a wide range of customer data should be considered personal data. Identification of a person can be indirect. The GDPR lists a range of data that can identify persons. Of special interest to retailers are location data. For example, if customers leave a trail at the POS, your transaction data should be treated as personal data because the data can reveal the location of customers at specific times.

Can we avoid collecting sensitive personal data?

Sensitive personal data is treated more strictly under GDPR than personal data. Sensitive data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sexuality. If you can avoid having such data in your possession, it will be easier to be GDPR compliant.

How do we use pseudonymization and encryption to increase data security?

The trend of collecting and storing ever more customer data poses a challenge in the context of GDPR. The GDPR requires you to have full control of access to and integrity of your data. Pseudonymization and encryption are tools to alleviate these problems. Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. For example, replacing customers’ phone numbers on the above mentioned receipt data with a random user ID. Encryption renders data unreadable without the encryption key. We advise you to pseudonomize all customer data except for modules that handle direct communication with customers. For example, the part of your system sending SMS to customers needs phone numbers, but the module handling statistics most likely does not. Databases that contain data which can directly identify customers, for example member profile data with phone numbers, and databases with large amounts of data, such as an archive with pseudonymized data, should be encrypted.

What about our suppliers – are they on track with GDPR?

As data controller, you are responsible for data also in the possession of your suppliers, or Data processors in GDPR terminology. You need to list all suppliers in your privacy policy. You should review your data processor agreements. You must also approve your suppliers’ sub-suppliers before they can begin to process your data.

Do we have an efficient system for handling rights of data subjects?

The rights of Data subjects are more extensive under GDPR. The GDPR also requires you to answer requests from Data subjects within 1 month (extension possible in certain cases). Retailers should aim to give all necessary information to Data subjects through ‘My page’ solutions behind secure log in mechanisms.

Have we recorded active consents from all registered customers?

Consent is the primary legal basis for handling personal data for retailers. Under GDPR, consent must be active and consent texts must use clear and plain language. You must record consents so that you can prove that active consent has been given. Extra attention is placed on communication towards children (13-16 years, depending on member state). We advise to put age limits on signing up to avoid communicating towards children.

Be aware that activities involving automatic profiling of customers and geo location data require specific consents in addition to the main customer consent.

Does our privacy policy give the necessary flexibility in our marketing activities?

Since consent regulations have become stricter, it is more important than ever to ensure that your privacy policies cover the activities you are most likely to do. For example, make sure to collect consent to send marketing SMS and emails, with opt out option, even if you collect phone numbers or emails through your app.

Privacy policies will become an arena where you can demonstrate your seriousness in dealing with data protection and privacy, while using language in line with your brand image. Take that opportunity.

What is our process for handling data breach incidents?

Data breach is an incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. In case of data breach incidents, you may be required to inform your supervisory authority and your customers. There is a list of criteria specifying when you need to disclose data breach incidents.

However, your suppliers, the Data processors, should always inform you about data breach incidents.

How do we train our organisation on GDPR to ensure continuous compliance?

GDPR places great emphasis on data security and the legal basis for your communication towards customers. In practice, employees in many different departments, such as marketing and IT, will be responsible for implementing and complying with these regulations.

Therefore, it is vital that you establish training schemes to teach GDPR to the organisation. For example, the IT department must ensure that new development tasks are compliant with GDPR. Do we collect new information? Do we store data in a new way? The marketing team must know when to tread carefully when discussing new campaign ideas. Is this activity covered by our existing privacy policy? Do we need automatic profiling or geo location consent?

Disclaimer: this article is not meant as legal advice. You must seek advice from your legal advisors to ensure complete compliance with GDPR as this can vary from company to company.

Find here more information about GDPR and privacy protection.

Blog post

Lessons in Loyalty: Rewarding Subscription Programs

Subscription programs ensure recurring revenue, guaranteeing customers visit frequently for pre-paid products. 

Blog post

Lessons in Loyalty: Rewarding With Points

Rewarding with points provides customers with timely purchase tracking to motivate loyalty and increase spending.   In the ongoing exploration of loyalty programs, this article focuses on the next step in the Customer Connection Cycle: Rewarding with points. There are a few ways to reward loyalty and to track customer purchases. One of them is […]

Blog post

Cheers to Beers: Old Irish Pub Rewards for Frequent Customers

European restaurant chain Old Irish Pub rewards customers with digital stamps for buying drinks, offers games and more! 

Blog post

Lessons in Loyalty: Rewarding With Stamps

Keep customers engaged and happy with loyalty program stamp rewards. 

Blog post

Lessons in Loyalty: In-Store Excellence

Executing a personalized loyalty strategy ensures each store visit is efficient and includes moments of gratification.

Blog post

Lessons in Loyalty: Powerful Promotion

Promote a rewarding loyalty program that prioritizes personalized value to ensure members feel valued, and appreciated.

Blog post

Lessons in Loyalty: Engage Members

An important component to having a successful loyalty program is to develop a powerful plan to engage with your members.

Blog post

Lessons in Loyalty: Recruit Loyalty Program Members

The first step in a successful loyalty program is to recruit a robust, loyal membership base with an effective recruitment strategy. In the ongoing exploration of loyalty programs, this article focuses on the pivotal first step in the Customer Connection Cycle: recruiting members. Establishing a robust and loyal membership base is paramount, and this article outlines […]

Blog post

Lessons in Loyalty: Customer Connection Cycle

The Liquid Barcodes Customer Connection Cycle Explains Six Key Components to Operating a Successful Loyalty Program

Blog post

Lessons in Loyalty: Easy, Empowering, and Engaging 

Invite higher sales with a loyalty program that is easy, empowering, and engaging.

Blog post

Lessons in Loyalty: Clear, Compelling and Consistant Programming

Engage customers with a compelling loyalty program that is clear, compelling, and consistent.

Blog post

Increasing Customer Engagement With Loyalty Programs

From basic discounts, points, and perks, to more advanced strategies like subscriptions and mobile payments, loyalty programs allow retailers to compete in today’s fast-paced retail landscape.

Blog post

Beverage Subscriptions Improve Foodservice Sales

Implementing a beverage subscription program will boost customer spending on foodservice items.  Consumers visit convenience stores to do three main things: get gas, use the restroom and buy a drink. As prepared food becomes the norm in convenience stores, give your customers an offer they can’t resist with a beverage subscription program.

Blog post

An Introduction to Subscription Programs

Subscription programs ensure recurring revenue by recruiting customers and enhancing the overall foodservice offer Subscription is a big buzzword referring to any recurring or prepaid program that is delivered or available on a regular basis. 

Blog post

Maxol Wins Customers and Awards With Loyalty App

Irish retailer Maxol celebrates a year of success with their award-winning loyalty app. Maxol’s loyalty app has been rewarded for excellence with the prestigious “2023 Loyalty Launch of the Year ” award at this year’s Irish Loyalty & CX Awards.

Blog post

What Is C-StorePay?

Liquid Barcodes’ proprietary C-StorePay makes paying for fuel, in-store merchandise, and subscription programs convenient for customers, reduces credit card fees for retailers, and integrates easily into existing loyalty programs Announced in October 2022, the revolutionary Liquid Barcodes C-StorePay product rose to the top of retailers’ 2022 wish lists at the NACS Show, even achieving a […]

Liquid Barcodes

Put a rocket under your loyalty program

With our loyalty platform, we help design and operate world-class, tailor-made subscription and reward programs that make sure your customers always come back.

Book a Demo →

We are trusted by global brands.

Convenience retailers all over the world have engaged and rewarded consumers with our tailor-made loyalty programs.

To our case studies →

Liquid Barcodes
Liquid Barcodes
Liquid Barcodes
Liquid Barcodes

Convenience retailers all over the world have engaged and rewarded consumers with our tailor-made loyalty programs.

To our case studies →

Liquid Barcodes
Liquid Barcodes
Liquid Barcodes
Liquid Barcodes

Situs Judi Togel Slot Online Terpercaya Indonesia

slot pulsa

situs judi slot online

togel slot casino online

istana slot online


Situs Judi Slot Deposit Pulsa

judi slot gacor terpercaya

istana slot

istana slot situs slot


judi slot online gacor

judi slot online gacor

slot deposit pulsa

istanaimpian slot online

agen togel casino

judi live casino

agen togel casino


uno prediksi

prediksi togel istanaimpian

slot online gacor 2023

raja situs judi slot

slot online terbaik 2023

Daftar Slot Online Gacor 2023

Situs Judi Slot Demo Pragmatic

slot deposit dana Terbaru 2023


slot dana
istana slot
Situs Togel Toto 4D