How to Use Customer Files?
19 January 2009
Read by 2472 persons
The customer file is naturally at the heart of companies' marketing strategies, the place of IT and the development of communication networks facilitating the creation, use and distribution of files.
Thus, significant investments are made by companies to create files listing, beyond the identification data of their customers, a multitude of information concerning them such as their professional activity, their purchasing habits and their centers of interest. By grouping this information, the company today aims to anticipate the future needs of its customers.
However, the customer file is a tool of prudence and the need to reconcile customer relationship performance and the protection of personal data is essential.
Strict Regulation
The use of the customer file can indeed jeopardize the individual freedoms of the persons concerned. The law constitutes the pillar of the regulation concerning nominative data.
Customer files, given the information they contain, are directly within the scope of this regulation.
To put it simply, the law requires data controllers to declare in advance the creation of any computerized file containing personal data and to inform the persons whose data is processed. It also provides for a right of opposition for the benefit of these persons, the obligation to collect data fairly and to respect the declared purpose of the processing, it opens a right of access, rectification and deletion of data and, finally, limits the duration of their storage.
Non-compliance with the provisions of the law is punishable by penalties and fines for a company and five years' imprisonment for its legal representative. And to these criminal penalties are added pecuniary administrative penalties, the amount of which can reach 5% of the company's turnover!
The procedure to follow
The compliance of the customer file with this law is therefore a guarantee of legal security for the company and its customers, reassured to see that it respects their privacy.
To ensure this compliance, the most delicate aspect is to identify the processing of personal data, possibly carrying out a technical and legal audit, and to put in place procedures to legally secure their use (personal data protection charter, information notice, processing monitoring tool, training program for operational staff, drafting of standard clauses...). And when the company has designated a data protection officer, it is up to it to ensure this compliance.
Expert Opinion
Several sensitive issues must imperatively be addressed to ensure the legal compliance of actions involving customer data. By way of illustration, the processing mentioned below cannot be implemented without prior legal support:
• Processing that makes it possible to better know and serve its customers or prospects, for example profiling (segmentation by scores), loyalty programs, customer relationship management tools and processes... This processing is the breeding ground for violations of the Data Protection Act. Thus, a scoring process, when it involves risks of exclusion to the detriment of certain categories of the population, in principle requires prior authorization.
• Processing that makes it possible to increase its market share: sale, rental, pooling of files and internet marketing campaigns. Again, this processing involves the completion of formalities and the authorization and/or information or prior agreement of the persons concerned.
• Processing that makes it possible to manage its customer risk or to prevent the risk of fraud by setting up professional alert systems. This processing may include sensitive and/or potentially stigmatizing data incompatible with respect for individual freedoms. The possibility of using them and, if necessary, the methods of their use must be subject to extremely rigorous legal supervision.
Posted January 19, 2009
entreprendre.ma
Thus, significant investments are made by companies to create files listing, beyond the identification data of their customers, a multitude of information concerning them such as their professional activity, their purchasing habits and their centers of interest. By grouping this information, the company today aims to anticipate the future needs of its customers.
However, the customer file is a tool of prudence and the need to reconcile customer relationship performance and the protection of personal data is essential.
Strict Regulation
The use of the customer file can indeed jeopardize the individual freedoms of the persons concerned. The law constitutes the pillar of the regulation concerning nominative data.
Customer files, given the information they contain, are directly within the scope of this regulation.
To put it simply, the law requires data controllers to declare in advance the creation of any computerized file containing personal data and to inform the persons whose data is processed. It also provides for a right of opposition for the benefit of these persons, the obligation to collect data fairly and to respect the declared purpose of the processing, it opens a right of access, rectification and deletion of data and, finally, limits the duration of their storage.
Non-compliance with the provisions of the law is punishable by penalties and fines for a company and five years' imprisonment for its legal representative. And to these criminal penalties are added pecuniary administrative penalties, the amount of which can reach 5% of the company's turnover!
The procedure to follow
The compliance of the customer file with this law is therefore a guarantee of legal security for the company and its customers, reassured to see that it respects their privacy.
To ensure this compliance, the most delicate aspect is to identify the processing of personal data, possibly carrying out a technical and legal audit, and to put in place procedures to legally secure their use (personal data protection charter, information notice, processing monitoring tool, training program for operational staff, drafting of standard clauses...). And when the company has designated a data protection officer, it is up to it to ensure this compliance.
Expert Opinion
Several sensitive issues must imperatively be addressed to ensure the legal compliance of actions involving customer data. By way of illustration, the processing mentioned below cannot be implemented without prior legal support:
• Processing that makes it possible to better know and serve its customers or prospects, for example profiling (segmentation by scores), loyalty programs, customer relationship management tools and processes... This processing is the breeding ground for violations of the Data Protection Act. Thus, a scoring process, when it involves risks of exclusion to the detriment of certain categories of the population, in principle requires prior authorization.
• Processing that makes it possible to increase its market share: sale, rental, pooling of files and internet marketing campaigns. Again, this processing involves the completion of formalities and the authorization and/or information or prior agreement of the persons concerned.
• Processing that makes it possible to manage its customer risk or to prevent the risk of fraud by setting up professional alert systems. This processing may include sensitive and/or potentially stigmatizing data incompatible with respect for individual freedoms. The possibility of using them and, if necessary, the methods of their use must be subject to extremely rigorous legal supervision.
Posted January 19, 2009
entreprendre.ma
