Liquid Barcodes


What Must Convenience Retailers Do to Ensure their Customer Program is GDPR Compliant

Mads Moerk, CFO Liquid Barcodes

31/01/2018

This article was originally published in Global Convenience Store Focus.

The EU’s new General Data Protection Regulation (GDPR) legislation on data protection and privacy comes into force in less than 7 months in May 2018 and has a wide range of consequences for all retailers, especially concerning the customer data they collect. In this special feature, as Liquid Barcodes CFO & DPO Mads Mørk explains, retailers collecting data will be ‘data controllers’ under GDPR. And this means increased responsibilities for our industry.

By Mads Mørk, CFO & DPO, Liquid Barcodes

What must convenience retailers do to ensure their customer program is GDPR compliant? If you are a CEO, there are 9 questions on GDPR you should ask your marketing, legal, and IT team.

What personal data do we possess?

Getting an overview of what personal data is in your possession is probably the best place to start your work on GDPR compliance. In GDPR terminology, personal data is defined as any information relating to an identified or identifiable natural person. This is a broad definition. Hence, a wide range of customer data should be considered personal data. Identification of a person can be indirect. The GDPR lists a range of data that can identify persons. Of special interest to retailers is location data. For example, if customers leave a trail at the POS, your transaction data should be treated as personal data because the data can reveal the location of customers at specific times.

Can we avoid collecting sensitive personal data?

Sensitive personal data is treated more strictly under GDPR than personal data. Sensitive data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sexuality. If you can avoid having such data in your possession, it will be easier to be GDPR compliant.

How do we use pseudonymization and encryption to increase data security?

The trend of collecting and storing ever more customer data poses a challenge in the context of GDPR. The GDPR requires you to have full control of access to and integrity of your data. Pseudonymization and encryption are tools to alleviate these problems. Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. An example is replacing customers’ phone numbers on the above-mentioned receipt data with a random user ID. Encryption renders data unreadable without the encryption key. We advise you to pseudonymize all customer data except for modules that handle direct communication with customers. For example, the part of your system sending SMS to customers needs phone numbers, but the module handling statistics most likely does not. Databases that contain data which can directly identify customers, for example member profile data with phone numbers, and databases with large amounts of data, such as an archive with pseudonymized data, should be encrypted.
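The split described above, sketched as an added example that is not Liquid Barcodes' code: receipt rows have the phone number replaced by a random user ID, and the mapping back to the phone number is held only in a separate store. The names `PseudonymVault`, `pseudonymize_receipts` and `visits_per_user`, the receipt fields and the sample rows are all assumptions made for illustration.

```python
import secrets
from collections import Counter


class PseudonymVault:
    """The 'additional information': the only place phone numbers and IDs meet.
    Assumed to live in a separate, encrypted, access-controlled store."""

    def __init__(self):
        self._id_by_phone = {}
        self._phone_by_id = {}

    def user_id_for(self, phone):
        # Random ID, not a hash of the phone number: phone numbers are
        # easy to enumerate, so an unkeyed hash could be reversed by guessing.
        if phone not in self._id_by_phone:
            user_id = secrets.token_hex(8)
            self._id_by_phone[phone] = user_id
            self._phone_by_id[user_id] = phone
        return self._id_by_phone[phone]

    def phone_for(self, user_id):
        # Only the customer-communication module (e.g. SMS) should call this.
        return self._phone_by_id[user_id]


def pseudonymize_receipts(receipts, vault):
    """Return copies of the receipts with 'phone' replaced by 'user_id'."""
    out = []
    for r in receipts:
        row = {k: v for k, v in r.items() if k != "phone"}
        row["user_id"] = vault.user_id_for(r["phone"])
        out.append(row)
    return out


def visits_per_user(pseudonymized):
    """Statistics module: works on pseudonyms only, never sees a phone number."""
    return Counter(row["user_id"] for row in pseudonymized)


# Constructed sample receipt data (not real customers).
RECEIPTS = [
    {"phone": "+4700000001", "store": "S12", "time": "2018-01-30T07:15", "total": 4.50},
    {"phone": "+4700000002", "store": "S12", "time": "2018-01-30T07:20", "total": 9.10},
    {"phone": "+4700000001", "store": "S40", "time": "2018-01-31T17:02", "total": 2.00},
]

if __name__ == "__main__":
    vault = PseudonymVault()
    for row in pseudonymize_receipts(RECEIPTS, vault):
        print(row)
```

The pseudonymized rows still carry store and time, which this article treats as location data, so the archive holding them is still a candidate for encryption.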

What about our suppliers – are they on track with GDPR?

As data controller, you are also responsible for data in the possession of your suppliers, or Data processors in GDPR terminology. You need to list all suppliers in your privacy policy. You should review your data processor agreements. You must also approve your suppliers’ sub-suppliers before they can begin to process your data.

Do we have an efficient system for handling rights of data subjects?

The rights of Data subjects are more extensive under GDPR. The GDPR also requires you to answer requests from Data subjects within 1 month (extension possible in certain cases). Retailers should aim to give all necessary information to Data subjects through ‘My page’ solutions behind secure login mechanisms.

Have we recorded active consents from all registered customers?

Consent is the primary legal basis for handling personal data for retailers. Under GDPR, consent must be active and consent texts must use clear and plain language. You must record consents so that you can prove that active consent has been given. Extra attention is placed on communication towards children (13-16 years, depending on member state). We advise putting age limits on sign-up to avoid communicating towards children.

Be aware that activities involving automatic profiling of customers and geo location data require specific consents in addition to the main customer consent.

Does our privacy policy give the necessary flexibility in our marketing activities?

Since consent regulations have become stricter, it is more important than ever to ensure that your privacy policies cover the activities you are most likely to do. For example, make sure to collect consent to send marketing SMS and emails, with an opt-out option, even if you collect phone numbers or emails through your app.

Privacy policies will become an arena where you can demonstrate your seriousness in dealing with data protection and privacy, while using language in line with your brand image. Take that opportunity.

What is our process for handling data breach incidents?

A data breach is an incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. In case of data breach incidents, you may be required to inform your supervisory authority and your customers. There is a list of criteria specifying when you need to disclose data breach incidents.

However, your suppliers, the Data processors, should always inform you about data breach incidents.

How do we train our organisation on GDPR to ensure continuous compliance?

GDPR places great emphasis on data security and the legal basis for your communication towards customers. In practice, employees in many different departments, such as marketing and IT, will be responsible for implementing and complying with these regulations.

Therefore, it is vital that you establish training schemes to teach GDPR to the organisation. For example, the IT department must ensure that new development tasks are compliant with GDPR. Do we collect new information? Do we store data in a new way? The marketing team must know when to tread carefully when discussing new campaign ideas. Is this activity covered by our existing privacy policy? Do we need automatic profiling or geo location consent?

Disclaimer: this article is not meant as legal advice. You must seek advice from your legal advisors to ensure complete compliance with GDPR as this can vary from company to company.

Find here more information about GDPR and privacy protection.

