Do you have a loyalty club for customers? You may be in for an inspection soon!
In early March, the Office for Personal Data Protection (the “DPA”) published its inspection plan for 2025. Among other areas, the inspections will focus on the practices of retail chains, specifically the provision of customer discounts within loyalty programs in exchange for consent to the processing of personal data, as well as the sending of unsolicited advertising. As part of the EU initiative, the DPA will also check the proper application of the “right to be forgotten”.
The DPA already focused on loyalty programs of retail chains back in 2021. At that time, the inspections concerned the scope of the processed data, their security, and the period for which the customers’ personal data are stored. In 2025, the inspections will focus primarily on the conditions for granting consent to the processing of personal data in connection with participation in the loyalty program.
The issue was included in the inspection plan because, last year, the DPA observed a growing trend among certain retail chains to make discounts or similar benefits conditional on customer participation in loyalty or similar programs that require the provision of a wide range of personal data.
The inspection plan indicates that the DPA views this approach as a form of economic pressure and will examine, at least in the case of certain chains, whether such consent is in accordance with the GDPR, under which consent must be free, specific, informed and unambiguous. Violations of the GDPR are punishable by fines of up to EUR 20 million. For the sake of completeness, it is worth noting that loyalty programs have recently attracted the attention not only of the DPA, but also of other supervisory authorities, particularly the Czech Trade Inspection Authority and the Office for the Protection of Competition (the “OPC”).
Reviewing your loyalty program and its terms can help identify potential risk areas before it is too late. Our experts will be happy to:
- review your loyalty program and related documentation;
- train and prepare your team for an inspection by the DPA or OPC, or support your company in successfully navigating such an inspection.
If you have any questions, please contact our team – Michal Zahradník, Lýdia Cadete and Dana Provázková.
This document is a general communication and should not be regarded as legal advice on any specific matter.