22/01/2019 | data, GDPR, database management, competition handling, handling & fulfilment, privacy

Who's looking at your data?

True, the Internet of Things is an absolute marvel and we’d all be lost without Google… but it has to be said that the nature of the digitally driven world we live in has definitely played a part in a growing list of high-profile data breaches, including those of social networking sites LinkedIn and Facebook. Dropbox has also admitted to being hacked, with email addresses and passwords belonging to more than 68 million users being made available for purchase online to the highest bidders.

GDPR had, and probably still has for the latecomers, us all running around looking at how we store clients’ data, what we use it for, and how and when we will dispose of it.

Data breaches are not scaremongering by the ICO to ensure we heed the new legislation; complaints from individuals to the Information Commissioner’s Office about potential data breaches have more than doubled since the new regulations came into force on the 25th May 2018.

Several blue-chip companies including Morrisons, T-Mobile and British Airways have come under scrutiny for large-scale data breaches, with Superdrug warning its online customers to change their passwords after cyber criminals claimed to have the personal data from 20,000 accounts.

The result of data breaches can be devastating

You only have to look at the posts on social media sites of teachers asking for people to like and share their photo as an experiment to show their pupils the dangers of the internet. 5 million likes and 263k shares later, that image has circled the globe several times, and it’s pretty safe to say that not all those individuals will be good, law-abiding citizens.

Can you be sure your customers’ data is safe when you ask them to readily hand it out?

Think about all the times you’ve purchased products online or over the phone - how can you be certain that the merchant is PCI-DSS compliant and that your card details aren’t being stored in a database that could be at risk of being hacked? As a brand, do you have a third-party hosted e-commerce shop that takes online payments, or a call centre in a different location that takes orders over the phone or via email? Can you be certain that your clients’ data is not being incorrectly stored?

And what about when you’re claiming for a cashback on your latest white goods purchase – does the excitement of the monetary gift cloud your judgement of the risk of identity theft? As a brand, can you be certain that your client’s name, address and bank account details won’t be hacked and sold to the highest bidder?

And what about letting your 6-year-old daughter enter an online competition? She can be in with a chance of winning an extravagant three-storey doll’s house if she enters with a photo of herself with her favourite dolly. How could you possibly say no? I mean, it all seems pretty innocent as long as the Handling House’s Competition Department is the only place the photo of your daughter and your home address details can be found. But what protocols do you as a brand really have in place when running on-pack competitions to stop your customers’ photos and home address details from circling the globe?

Observance of data protection, that’s how

Data protection rules exist to protect us all from the catastrophic effect of data breaches. Making sure your clients’ data is secure at all times and for every unforeseeable eventuality is not a ‘nice addition’ to your campaign but a serious must-have.

At MRM we have a dedicated Data Controller and a bespoke Asset Management System to protect the data assets of our clients and track the flow of all data within our business. We start the process by consulting with our clients pre-campaign to discuss their data processing requirements. We look at opt-ins / opt-outs, data anonymisation, data deletion and the detail of the data we are going to be holding. Our Client Services team will look at the file layout of the proposed data to be sent to us for fulfilment purposes and will regularly advise the client that we don’t need to receive every field – for example, if we’re fulfilling the doll’s house prize, we don’t need to know the winner’s email address or date of birth, or receive a copy of the photo – we just need their name and postal address.

So, looking back at your online purchases, your cashback and your competition entries, we can confidently state that we will only hold the minimum data necessary to allow us to do our job.

We can assertively report that we will have carried out a Privacy Impact Assessment pre-launch, that our fulfilment system that stores the data is secure, that only the key personnel involved in a competition, cashback or order will have access, and that access will be revoked after a 3-month period or sooner to cover for any client staff changes.

And as a first point of client contact, I also know that whilst I might be involved in discussing the requirements with you, the brand, at the start of the campaign, I will personally never see the details of the customers, entrants, winners or cashback claimants.

And likewise, I know that this process is implemented in all the hundreds of thousands of orders, competitions and cashbacks we process daily.

Can you stand there and be as confident as we are about our clients’ data, that your customers’ data is safe?

At MRM, your brand is in our hands. To discuss data protection for any promotional mechanic please call Caroline or Vikki on 01858 414 777.
