Facebook is our canary in the coal mine (in America) for GDPR (the new rules for collecting customer data in the European Union)
One of my clients has many contacts and customers in Europe, so we send email newsletters and maintain contact records that are subject to the new General Data Protection Regulation of the EU. (Despite Brexit, the UK has decided--wisely--to comply with GDPR for the foreseeable future.)
If you haven't heard about GDPR... here's a resource to bring you up-to-date: https://beta.techcrunch.com/2018/01/20/wtf-is-gdpr/.
Technically, GDPR only affects companies who have customers and prospects in the European Union (+ the U.K.). However, many people predict that GDPR will become the 'gold standard' for protection of customer data. Despite the fact it may not solve future data piracy problems!
In terms of deciding how to implement GDPR requirements, we in the U.S. may find it valuable to look at Facebooks' very public struggle to comply...
(I didn't hit a paywall on this Financial Times post--I hope you don't either!)
Econsltancy has some very helpful information, including this free post. Plus GDPR training for Econsultancy subscribers.
My point is that GDPR will probably affect your CRM and/or loyalty strategy in the future, and you need to start learning to understand it.