In a recent study by consumer body Which?, several major retailers were potentially at risk for violations of data protection regulations by sending marketing content to customers via e-receipts – the same customers who specifically requested not to be contacted for promotional offerings.
When done properly, e-receipts are a fantastic marketing opportunity. Triggered by a purchase, transactional emails have eight times the open rate, compared to traditional emails. Not only is the customer anticipating the message, but also is likely to be open to offers for accessories and products related to their most recent buy.
Take buying a new mobile phone – where a paper receipt is not common practice, an e-receipt offers the retailer the chance to sell the customer important extras, such as mobile insurance and a case to protect the new device. It is an exclusive, direct route to high intent audiences.
It comes as no surprise that retailers are determined to deploy such a high engagement tactic, but it does not take a GDPR expert to work out that turning transactional communications into a marketing opportunity requires thorough understanding of the rules about what can and cannot be done.
Those that proceed should be aware of the regulations and the risks of overstepping them – particularly when the Independent Commissioner’s Office (ICO), which oversees GDPR laws, has the ability to hand out massive fines to companies seen to be in breach of this.
Into the grey matter
It is not as black and white as it might seem when it comes to GDPR and what you can and cannot include in an e-receipt.
Retailers such as Mothercare, Schuh, Halfords and Gap may be in direct breach of GDPR regulations, but not because their e-receipts contained promotions per se. It is because they may not be following the general principle that retailers should only send marketing emails if they are transparent in how they use their customer data and they respect the opt-out requests. Gap for example, apparently sent a 20% off promotional voucher after the purchase by its customer, but no e-receipt.
However, this doesn’t close the door completely to marketing following customer purchases: opportunities to include ‘marketing’ within these post-purchase emails can exist if the retailer can balance its interests with the rights of their customers, all the while clearly informing them how they use their data. The retailer should see if there is legitimate interest for an offer within an e-receipt. For example, offering 30% off ink cartridges within the e-receipt for purchase of a printer can be seen as legitimate interest as the shopper will ultimately need ink for that printer. Of course, this should only be sent to customers who have not requested to be opted-out of promotional emails.
The ICO states legitimate interest is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
Another aspect to consider is the environmental importance of migrating customers to e-receipts.
Being an environmentally friendly and global-footprint-minded brand is very important for many consumers and often purchase-decisions are made on these credentials. For example in 2018, Collins Dictionary named ‘single-use’ the word of the year – referring to products that are made to be used once and thrown away, highlighting the popularity this had in the UK. In result of this, many in-store retailers are now recognising e-receipts as an important way to make the end-to-end shopping journey seamless and more environmentally friendly.
Whilst e-receipts have grown in popularity and are becoming a trend among retailers, the retail examples above serve as a reminder to businesses all over the world that they need to tread carefully with all customer communications. Above all, retailers must never lose sight of being fully transparent with their customers on how their personal data is used, and the communication they can expect to receive. E-receipts are an excellent opportunity to offer a better customer experience, but this must always be done with GDPR in mind to ensure trust is maintained with your loyal customers.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus