Oasis on the challenges of GDPR and the ‘right to be forgotten’

The fashion brand admits it is still trying to work out how it will delete a customer’s personal data but says it sees opportunities in creating a single customer view.

In less than three months’ time, GDPR will enshrine into law the ‘right to be forgotten’. The new data regulations make it mandatory for all businesses to allow customers to remove their data from record. It is the biggest shake-up to data law in two decades – and yet a number of businesses are still grappling with how they will deal with requests for anonymity.

Fashion brand Oasis is one of them – and speaking to Marketing Week at an RSA conference on Tuesday (6 February), the business’s head of digital, Helena Theakstone, says while it is currently working to ensure it has a process in place that complies with the new laws, there are challenges that she doesn’t yet have the solution to.

“Data plays a big role in Oasis’s overall marketing strategy,” Theakstone says. “How do we [remove a customer record entirely]? Where do we store that record? Because obviously in the past it’s been about ‘take me off the email list’, which is a two-second job, nice and easy.

“But they might want every record of them removed now – and we’ve got databases that refer to each other so you can’t just delete someone off a database. How do you anonymise that profile? To be honest, I don’t know the answer.”

One thing the fashion retailer will be doing is paying closer attention to e-receipts, which Theakstone says will be integral to “closing the customer loop” in-store – especially as customers become more omnichannel in the way they shop.

“Within marketing we are always looking at how we capture data and make it relevant and useful for the customer,” Theakstone explains.

“Collecting data, and being able to facilitate and improve [the customer experience] is really important for us. Marketing is really key in facilitating the on- to offline world.”

READ MORE: Shell on overcoming the B2B challenges of GDPR

Oasis has also made other moves to try and ensure the transition to a newly-regulated digital world is as seamless as possible.

In an effort to “build a single customer view from its multi-channel consumers,” Theakstone says there is a lot of investment going into building a customer relationship management (CRM) system.

The business has also hired a customer insight manager and website optimisation manager, which are both new roles for the business.

However, Oasis currently has no specific data controller or chief data officer. Instead its IT and legal teams are responsible for managing all GDPR-related projects and developments and it is in the process of setting up a ‘Privacy Impact Assessment Council’. Made up of key stakeholders, it will require any new project that touches or makes use of customer data to go through the council.

Theakstone says having this process in place will undoubtedly impact the speed the business can work at, especially at the beginning as they find the right partners to work with and ensure they are fully compliant as well.

“It’s going to be quite different to how we’ve worked in the past,” she says. “But all is for the best because it will be much safer for the data.”

Oasis is already refusing to work with third parties that aren’t compliant.

Recommended