M&A, Data Protection and online shopping

Kenyan consumers are increasingly turning to online distribution channels such as Kilimall, Jumia and Rupu to select and buy products. The traditional sales model of wholesale has been disrupted.

FMCG businesses have to adapt to these new selling methods. Social media and its effect on how consumers select and experience their products is a direct FMCG issue. Facebook and Instagram have transformed the way in which branded products are presented to the consumer. Retail shelf space is slowly becoming a thing of the past with social media opening up new opportunities carrying the potential to increase sales and lower costs. With sales migrating online, there is a direct contact and interaction with a consumer through the user visiting the brand owner’s website. And when the consumer opts-in, interactions and e-marketing is made possible through email and text messages. The result is that an FMCG business will be receiving and processing personal data. The Kenya Information and Communications (Consumer Protection) Regulations provides for the opt-in principle in which an FMCG business can market to a consumer electronically but only after having accorded the consumer an opportunity to accept or reject inclusion in the marketer’s mailing list.

Looking at Google’s Terms of Service for example, for a consumer to use the service, he/she has to agree that Google can use the person’s data in accordance with their privacy policies (usually by ticking a little check box that at the bottom of the screen). Their privacy policy indicates that they use the information they collect from all their services to provide, maintain, protect and improve them, to develop new ones, and to protect the company and their users. They also confess that they use the information to offer consumers tailored content like more relevant search results and adverts.

Data protection and electronic direct marketing compliance of the FMCG business are therefore key considerations. A key requirement in the UK is for certain information to be provided to data subjects (the individuals to whom the personal data relates) about the types of data collected and the purposes for which the business processes those data. In addition, circumstances where personal data may be disclosed to a third party will also need to be ascertained. As noted in  previous posts, data breaches are potential deal breakers in a target business, and it will be appropriate to ascertaining as part of due diligence, which third parties process personal data on the FMCG business’s behalf.

Leave a Reply