Freeths - Law firm
Articles IT & Data 12th Sep 2022

Loyalty Programs and Data Protection – A checklist for program providers

As inflation soars, consumers are more likely than ever to join a loyalty program and are willing to pay if the program guarantees discounts and offers relevant benefits. Loyalty programs provide important new avenues for brand engagement, and also allow loyalty program providers to understand more about their customers, providing a potentially rich source of customer data.

So, interesting times for loyalty scheme providers. But given they involve the collection and processing of lots of customer data, UK GDPR is never far away.

In this article, we summarise some of the data protection issues that loyalty program providers need to think about when running loyalty programs.


1. Be transparent about how you use loyalty scheme data

The UK GDPR requires loyalty scheme providers to be transparent about how their programs process customer data. So, offer your customers a clear and concise privacy notice when you collect their data.

There are a number of things to include, but the main points are:

  • Who you are
  • The purposes of processing for the loyalty program
  • Lawful basis
  • What rights the customers have


2. Have a lawful basis for using loyalty scheme data

Loyalty scheme providers need to select a lawful basis under UK GDPR for the processing they do.

People often think of consent as the most obvious basis, but others are available, such as legitimate business interests. If your program collects “special categories” of data (such as the health or ethnicity of a customer), you will need to select an extra condition on top of that (such as explicit consent).

You need to document your lawful bases, and keep to them.


3. Take care when profiling your customers

Loyalty scheme providers might use customer data to build a profile of their customers’ likes and behaviours.

Where they do this, they should ensure the data is accurate and up to date under UK GDPR. If the data isn’t correct then any profile or decision based on the data will also be flawed.

Scheme providers should also tread carefully if they are making automated decisions about their customers – there are strict rules for this, and they might need customers’ explicit consent to do so.

…and don’t forget

This article has covered the key issues that loyalty scheme providers should consider when processing their customers’ data. It is not an exhaustive list. In addition to these challenges, scheme providers should take into account UK GDPR principles such as data security; purpose limitation; and storage periods for customer data. These are challenging times for retailers, but they also offer opportunities. Loyalty scheme providers who can balance commercial opportunity with good data governance will be the ones best placed to inspire customers and retain their trust (and loyalty).


To discuss anything further please contact Freeths’ National Head of Retail, Philippa Dempster or our Head of Data, Luke Dixon.


The content of this page is a summary of the law in force at the date of publication and is not exhaustive, nor does it contain definitive advice. Specialist legal advice should be sought in relation to any queries that may arise.
Author: Philippa Dempster

Senior Partner & Managing Partner - London Office

Author: Luke Dixon

Partner
