FEATURE
2. Be honest and transparent
about the data you’re collecting
This is another vital part of GDPR
– tell your customers, clearly
and succinctly, about why you’re
capturing their data. There are
two key elements here:
Firstly,
for
marketing
permissions, the consent wording
used when they proactively
tick the box indicating they
opt-in to marketing should be
April 2018 | jewelleryfocus.co.uk
‘‘
Being
honest and
transparent
at every stage
will make
customers
feel more
comfortable
about handing
over their data
and inspire
further trust
in your brand
‘‘
for example, you’re using it to
supply restricted products.
From a marketing perspective,
justifying personal data capture
can be even more challenging.
On date of birth, for example,
there would be no traditional
reason to capture this for the
purposes of marketing. But if you
plan to reward a customer on
their birthday, the data capture is
justified – as long as you actually
follow up on your intent. If you
don’t, the need to hold the data
vanishes, and you should delete
the data.
Lastly, ensure your privacy
policy clearly states that you may
use collected data for analysis or
profiling, meaning you could use a
correctly captured date of birth to
segment customers by age group
to understand your sales better, or
improve your targeting.
unambiguous: “we will send you
SMS marketing containing the
latest news and offers”.
Secondly, your privacy policy
should state clearly that you
might use any collected data for
analysis or profiling. It should also
state how they can exercise their
GDPR rights – such as ‘Right to be
Forgotten’ – for any personal data
held by your company.
Being honest and transparent at
every stage will make customers
feel more comfortable about
handing over their data and inspire
further trust in your brand. So
when a customer receives an email
from you, they’re less likely to ask
“why am I getting this?” and mark
you down as spam – or worse,
report you to the Information
Commissioner’s Office (ICO).
Instead, with a transparent sign up
process, your customers will fully
understand why they’re getting the
email, were hopefully expecting to
receive the email, and will be more
engaged with its content.
For retailers capturing customer
data at till – to sign them up to a
loyalty card, for example – you
will need to ensure store staff have
the right training to communicate
clearly your brand’s data capture
policies, and to ensure they follow
the right processes to correctly
collect permissions. If they do, the
data they collect from a customer
remains usable in the future,
otherwise you’ll need to delete
anything incorrectly captured.
Lastly, a point on execution.
Most customers won’t have read
the ICO’s guide on GDPR and
aren’t going to understand, or
care, about every GDPR term.
Embrace this as a chance to
avoid jargon in your policies
and say things concisely, simply
and clearly. And absolutely steer
clear of double negatives and pre-
ticked boxes.
3. Follow best practice to keep
using collected data in the future
Post-GDPR, it’s no longer
enough to simply have honest
and transparent consent wording
up front. You’ll need to remind
customers at least annually about
what they opted-in to, and that
they have the option to change
these preferences.
For customers no longer
interacting with your brand,
ensure you have a process to
eventually remove them from your
database after a certain period of
time. The time needed will vary
based on whether you can justify
keeping that data longer – if you
sell multi-year warranties, holding
their personal data for the duration
of their warranty makes sense.
JEWELLERY FOCUS
25