New EU Data Legislation: What Luxury Brands Need To Know


Charlotte Wooding | April 24, 2017

The introduction of new EU legislation GDPR (General Data Protection Regulation), spells significant challenges in the way we collect and use data. Charlotte Wooding reveals what it means for luxury brands.

When it comes to fuelling new levels of service and enhancing customer experiences, data is key.

And in the world of luxury, understanding your clientele and knowing their preferences is crucial if brands want to provide the personalised experience that consumers expect. After all, luxury is built on offering a knowledgeable, tailored and seamless service – everything that distinguishes luxury brands from the premium and mass.

As with all good things, frictionless and tailored experiences come at a price. They require customers to share their personal data – which consumers are often willing to exchange only for a superb level of service. However, the introduction of new EU legislation GDPR (General Data Protection Regulation), spells significant challenges for even the most tech-savvy brands.

GDPR is essentially a total overhaul of the current data protection regulation, replacing the old EU data protection system. Coming into force on 25th May 2018, it will update the rules that are followed by any organisation processing EU residents’ personal data, with the aim to give people more control over their data.

It provides an exciting opportunity for luxury brands to be more transparent, relevant and to empower customers with choice. After all, it’s our duty as marketers to be personally relevant and valuable to our audience.

But with so much change comes challenges. With nearly a year to go, surprisingly one in four businesses are still unprepared for GDPR, with just over half reporting that they feel ready, according to the DMA.

What does GDPR mean for luxury brands?

GDPR fundamentally means that businesses will need to be more transparent about what personal data they are holding, why they captured it and what they intend to do with it. The concept is simple: if I have given you my data, then I should be able to retrieve it or even transfer it to someone else.

What’s more, companies who do not handle this data in line with the new rules could be faced with a hefty fine of up to 4% of its global annual turnover, or €20,000,000, whichever is more.
And that’s not all. Businesses that don’t get it together risk legal action from the individuals whose personal data they are using, since GDPR gives EU residents direct rights to obtain court orders and compensation.

But for luxury brands, there are more significant things than money at stake.

Data breaches made due to a failure to follow these rules risk reputational damages that could be detrimental to business. Which is particularly pertinent in the luxury market where high-net-worth individuals prize nothing more highly than privacy, confidence and trust. Not to mention that they can be particularly vocal and influential if it is breached.

You may be thinking that because the UK is leaving the EU, these new rules won’t apply. Yet, the UK government has confirmed that it will still implement GDPR, regardless of Brexit, so clearly the stakes are too high to ignore.

What’s next?

As time is always at a premium, luxury brands should start to prioritise how they understand their data – what they’re holding, where it’s stored, who oversees it, how secure it is and what they’re using it for.
A significant issue for many luxury brands will be that data is often held on multiple databases. So the next 13 months will be a race to get the house in order – to understand what data is being held and to consolidate, secure and access it to meet enhanced consumer access rights.

Businesses should then develop a plan to ensure their operations are compliant. For most companies a suitably trained Data Protection Officer should be appointed. All staff members who come into contact with customer data should be trained on the new legislation, best practices and what the changes mean. It’s not just something your legal department need to glance at – the whole team is liable here. And they need to understand both the severity and the benefits of compliance.

Under the GDPR, consent to the processing of personal data must be explicit and freely given, so unfortunately nothing short of an “opt-in” tick box will suffice. Individuals also have the right to withdraw consent or opt-out at any time. This provides an ongoing opportunity for brands to prove their worth to consumers – especially for luxury brands, who will need to create a customer experience which reflects their prestige.

Every aspect of the “opt-in” process needs to reflect the benefits to signing up. Marketers need to consider how they make the signup process as frictionless as possible. And for luxury brands, that means an attention to detail. The T&Cs; need to be digestible and relevant, ensuring the language and tone of voice is the conveying the right message for your brand. This is a critical part of the process that shouldn’t be overlooked.

As plans to prepare for GDPR are implemented, there can be no cutting corners for luxury brands. For an industry built on discretion and knowledge of customers, GDPR has the potential to make or break brands. With an ever-demanding consumer looking for a new relationship with brands, marketers that manage to successfully navigate GDPR and collect and capitalise on this wealth of data will come out as winners.

Data | Sustainability