Migros-Genossenschafts-Bund (Migros) is Switzerland’s largest retailer and supermarket chain. Structured in the form of a cooperative society, Migros’ customer loyalty program has over two million participating households, covering almost half of Switzerland’s population. Migros’ subsidiaries cover a wide range of markets, including supermarkets, convenience stores, a health care provider, travel agency, bank, ecommerce business and many others. More than 90 percent of goods sold in Migros stores are produced by its subsidiaries.
As the largest employer in Switzerland and the operator of Switzerland’s largest customer loyalty program, Migros understands the importance of privacy to their business.
“Privacy is a very important element to us,” said Matthias Glatthaar, Head Data Privacy and Digital at Migros. “Although we have a diverse group of brands, our loyalty program is at our core, and ensuring that we protect our customer’s personal data is vital for the success of that program.”
As a company that has been around for over 95 years, one of the biggest challenges Migros faced with their GDPR implementation was discovering the many ways in which they process data, and finding a way to centralize their approach to privacy.
“We are a legacy company, so we’ve been around for a long time and we have a lot of fractured and decentralized processes,” said Glatthaar. “With our incredibly diverse group of brands we had to decide how we can feasibly approach our GDPR implementation from a group perspective.”
As the largest and most well-known customer loyalty program in Switzerland, three out of every five transactions are done through the program at Migros’ stores. Migros processes their customer’s data and generates it through their loyalty card, allowing them to use that data for personalized coupons and ads. With the core of their data processing activities done through their customer loyalty program, Migros needed a solution to allow them to responsibly use the data of it’s over 2.8 million members, while still remaining compliant with the GDPR and other regulations.