What is LGPD and the impact on digital business?

General Data Protection Law

Respond quickly: have all the contacts in your lead base given their data voluntarily and aware of the purpose for which they were informed? If the answer is no, stay tuned. The review of your lead base is just one effect of the entry into force of the new data protection law – the LGPD. To learn more about what LGPD is, see this article.

Sanctioned in August 2018, the General Data Protection Law determines the rules for obtaining, processing, storing and sharing consumer information collected by companies. This is the Brazilian response to a global trend in the regulation of the use of personal data. The standard serves both digital and physical businesses and aims to bring more security and privacy to customers.

LPGD will not only change the way you maintain your lead base, but it will impact other marketing and sales strategies. Some more and some less.

What is LGPD?

The General Data Protection Law was enacted as Law 13.709/2018. It is expected to take effect in September 2020, but this date has been postponed to May 2021.

The document, known as the Brazilian GDPR, is inspired by this international standard. The General Data Protection Regulation (GDPR), which entered into force in 2018, was an effort by the European Union to ensure greater privacy to its citizens by setting rules and sanctions on companies’ handling of consumer personal data. As of October 2020, it has been applied more than € 300,000 in fines for breaking the law, according to the tracker application of GDPR.

Important concepts

The LGPD conceptualizes what personal data is, determines the hypotheses, or legal bases, in which companies are authorized to handle such information, and defines what data processing is and the roles of companies according to the relationship they maintain with these Dice. Learn a little more about these concepts below.

Personal data

Like GDPR, Brazilian law has taken an expansionist approach to the concept of personal data. For the law, all information that, if related, allows the individualization or identification of a person is called. Examples of personal data are name, surname, date of birth, document numbers such as CPF, RG, CNH, Work Card, passport and voter registration card, residential or business address, telephone, email, cookies and IP address.

Legal base

These are the 10 hypotheses that authorize and condition the processing of data.

Data processing

It encompasses all data manipulation actions. From collecting, storing, sorting, using, reproducing, sharing. Any such action must be supported by a legal basis.

Treatment agents

Depending on the action taken by an agent, there will be a level of responsibility. In this case we have:

Controller

It is the company that decides what will be done with the data.

Operator

It is the company that performs data processing in accordance with the controller’s request.

LGPD impacts on digital business

For digital businesses, especially the Marketing and Sales teams, the legal bases that are more directly linked to industry practices are “consent”, “contracts” and “legitimate interest”.

  • Consent: clear and unambiguous statement by a person who agrees with the use of their data for the purposes proposed by the company;
  • Contracts: data can be processed only to fulfil an obligation set out in a contract or to validate the entry into force of an agreement;
  • Legitimate interest: this is the most flexible legal basis. It allows the use of data without the need to obtain consent.

The level of compliance with the LGPD will depend on the policies already adopted by the companies regarding data processing. See some of the initiatives to be taken and plan to implement them before the law goes into effect.

Content adaptation

Landing Pages, forms, email marketing. All these tools must undergo an adaptation. It is necessary to make clear the purpose of collecting the data and that, at any time, the holder of the information can remove them from the database.

Lead base review

More than ever you will need to review your lead base. To be within the law, it is crucial to ensure that there is explicit consent to obtain such data. For those companies that have decided to adopt the services of ‘data brokers’, or the purchase of contact lists, this authorization most likely does not exist.

In this case, after a review, it is possible to take a retroactive consent action. This is an email marketing campaign to obtain such consent. The strategy can either have a direct message inviting the lead to continue on base to continue being contacted by the company or offer a discount coupon for the same purpose.

It is important that the email has a CTA that directs the opt-in and a clear message that the unsubscribe will be done quickly and easily when the lead wants. Respecting the lead’s will must be undeniable under the risk that your domain will be blocked by an email server.

Co-marketing actions

It’s good to remember that sharing is also a type of data handling. So, let’s say that two companies are carrying out an action together and between the pieces, they created a Landing Page to capture Leads. If there is any form to fill out, it must clearly indicate each and every company that will be receiving this data.

Targeted Ads

One of the biggest challenges in adapting to the law, largely due to the importance of segmentation for the success of campaigns. It is not yet known how the law will be received by Facebook users, for example, but since the social network is one of the largest sources of targeted data, this could influence the assertiveness of the display of ads. If a large number of people choose not to keep their data stored, it will be more difficult to delimit audiences for ads to be displayed.

One of the foundations for the creation of the LGPD is transparency. If, in any way, the law will make data access difficult, it will also create opportunities to improve lead capture and maintenance strategies by promoting a new way of thinking and acting.

Related Posts