GDPR and Privacy Protection Thoughts as Data Drama Unfolds

Paula Thomas, Chief Content Officer, Liquid Barcodes


Nearly two years have passed since the GDPR was adopted by the EU – directly impacting organisations worldwide that hold the data of EU citizens. At its core, the regulations are designed to recognise the value that individuals place on their personal privacy and protect them against either intentional or accidental abuse.

Much has been written about what companies need to do to ensure they are compliant and it’s importance cannot be overstated with this week’s news that data abuse allegations have already impacted Facebook’s company share price to the tune of $37 billion when a research firm contracted by ‘Cambridge Analytica’ apparently gained access to the information of 50 million users on the platform and then allegedly used it for political campaigns. Massive attention was already focused on the company’s privacy policy with the data being described as ‘a weapon’ and accusations that the social media giant is now actually ‘dangerous’, so this week’s allegations will only increase the focus on corporate privacy policies and how they can affect us as individuals or potentially our leadership if data breaches are shown to have affected or manipulated election results.

GDPR affects companies of all sizes, so with less than two months to go before the regulations become enforceable, I’ve taken the opportunity to reflect on how these concerns are increasingly impacting our everyday lives.

A Professional Perspective

Data protection legislation in my home country of Ireland dates back to 1988, and I will never forget receiving an unexpected phone call from the Data Protection Commissioner as early as 2002. It was a briefly alarming moment as I wondered if there had somehow been a data breach within my role as the marketing manager for a large European online travel agency but thankfully it was simply a proactive introductory call by the Commissioner – and one that I respected enormously as data protection regulations responsibilities were so new to many marketers holding customer data at that time.

Fast-forward to 2018 and the principles of data protection now underpin my professional life on a daily basis working with large loyalty programmes. These days, qualified data protection advisors are typically available to support me on any project, although the Facebook debacle suggests there will remain areas of risk particularly when the selling or using customer data for insights is the core business model.

Given the cost of compliance, many typically see the enhanced EU framework as an onerous responsibility, with quoting GDPR implementation costs in excess of $7.8bn. Recent research from EY shows that although 60% of European companies say they will have their complete data protection processes in place in time for the May 25th deadline, the figure globally is a worryingly low 33% with non-compliance typically more likely to occur in smaller companies. As marketing managers, our responsibility lies in ensuring there is clear understanding that GDPR doesn’t just apply to companies registered in Europe but also to any brand globally holding data of European citizens. As well as the immediate potential impact on share value, the costs of non-compliance could far outweigh the costs of compliance, with possible fines of up to 4% of global revenue if a breach arose, particularly if complacency or intentional abuse was proven.

Despite the climate of fear that arose initially around GDPR, some brands have come to realize that the discipline required by GDPR can deliver significant business benefits. Even when the legislation does not apply, for example to countries with less stringent laws in this field, brands and companies are increasingly being advised to adopt GDPR in order to be seen as leaders in their field.

Electing to comply with GDPR undoubtedly instills confidence from consumers and shareholders alike.


A Personal Perspective:

There are over 1.4 billion of us now using Facebook every day. It’s designed to be lots of fun, yet most of us are blissfully unaware exactly how much data we are trading for the privilege.

Even before the allegations of data abuse this week, a recent article made me curious about how much data I have given to Facebook. I consider myself a careful and cautious user of social media, yet when I downloaded my personal archive, I was very uncomfortable to see the phone numbers of my entire personal and professional network listed for no reason I can recall. Even phone numbers of people I deleted years ago are still stored and I was completely unaware of it. Given Facebook’s revenue model, it’s clear that this data is being held because it’s so valuable commercially – it has even been described as ‘the new oil’.

It seems inevitable that GDPR and other legal frameworks globally are essential to maintain public and political confidence. Platforms cannot simply be trusted to police themselves without oversight and regulation.



Some Closing Thoughts

The arrival of GDPR will put manners on many brands that may not have had the time, opportunity or inclination to develop their data policies and procedures to date.

While these legal responsibilities will now serve as a minimum level of consumer data protection, the increased focus on our privacy is an opportunity for brands to go even further. With consumers increasingly choosing to engage with brands based on their underlying values, successful companies will be those that don’t just respect our privacy because they have to, but because they genuinely want to earn our trust.

My personal favourite is Apple – led by the clarity and integrity of its founder Steve Jobs. With over 3.5 million views, this video shows Jobs speaking on privacy in 2010, long before many brands (particularly in the USA) had adopted or even accepted what he describes as his ‘old-fashioned’ views. In it, he describes himself as an optimist who believes that people are smart, and deserve to understand ‘in plain English’ who’s doing what with our private details.

In my view, beyond the legislation and regulation, the use of personal data as summarised by this quote below describes the ideal approach to protecting customer details – placing integrity and customer’s interests at the heart of our businesses.



About Us:

Liquid Barcodes is a leading global loyalty and digital marketing technology company specialized for the convenience store and foodservice industries. Our proprietary cloud-based technology platform allow retailers to create and manage their digital marketing campaigns with a proprietary process we call the “customer connection cycle’ to engage, promote and reward customers activities in real-time across digital and media channels.

How we do it:

We have developed the most advanced loyalty and digital marketing technology platform specifically for convenience store and foodservice retailers globally.

Retailers use our self-service dashboard to create and manage loyalty driven marketing campaigns that increase purchases with their existing customers, as well as effectively target and acquire new customers through partners or paid media channels.

One core component of live loyalty is gamification. We have gamified branding, loyalty and promotions. We believe this approach is essential in order to get customers’ attention and ultimately truly engage them with repeatable actions thereby winning their loyalty.

Check out some of our exciting/proven results here:


About the author:

Paula Thomas

Chief Content Officer, Liquid Barcodes and Independent Loyalty Consultant

With over twenty-five years marketing experience, Paula specializes in loyalty marketing consulting, managing consumer loyalty propositions, strategy and operations. In addition to her work with Liquid Barcodes, her clients have included Telefonica O2, Three Mobile, Electric Ireland, Allied Irish Bank and The Entertainer, as well as Avios – the global points currency for some of the world’s top airlines. She is also a judge for the Loyalty Magazine Awards. 



Future of loyalty newsletter

Sign up for our newsletter, and don’t miss a thing. You will receive email newsletters with our latest blog articles, case stories, and ideas-to-go.

E-mail address