In this guide, you will understand more about the LGPD, from the inspiration for its creation, through the areas it may have affected the most, to the way it works and acts if punishments are necessary in some scenarios.
Some of the main points of our guide were discussed at the event Impacts of the General Data Protection Law on Brazilian brands, held in the IBM auditorium, and which was attended by names such as Marcel Ghiraldini, Henrique R. Mascarenhas (event mediator), Éber Gustavo and Rodrigo Azevedo.
The General Data Protection Law
The LGPD determines that data has a life cycle, it is created with a purpose and must be deleted after its use. Information about data use must always be transparent and failure to comply with the law may result in penalties. After all, extra care must be taken when dealing with personal data.
The General Data Protection Law emerged in a political and economic scenario where it russia whatsapp number was crucial for factors such as, for example, how much our market would suffer if we were unable to process data from citizens living in Europe.
Monitoring this area is very important because it involves the sensitivity of data use. In addition to being everyone's duty, the public prosecutor's office is responsible for monitoring the law in general and the data protection law. It is important to emphasize that this issue also involves consumer protection entities!
Contrary to what many people may think, nothing has died because of the emergence of the LGPD, and this includes marketing strategies. For example, for email marketing campaigns, it is necessary to be aware of how personal data is acquired and the purpose of the strategy in question.
Therefore, companies need to be aware of the origins of the information used in their campaigns in order to obtain consent for the use of this data. It is also important that customers know the steps that will be taken and the forms of communication that will be carried out.
Still on this list of areas that, despite what it may seem, will not end due to the LGPD, we can also include digital marketing . The fact that things change does not mean that they have to cease to exist. In this case, brands are required to take responsibility for organizing their databases and always remembering that the data does not belong to them.
The differences between LGPD and GPDR
Those who have a lot of contact with data have heard about the General Data Protection Regulation , the data protection law in force in the European Union and the inspiration for the creation of the LGPD. However, there are some differences between the two laws.
There are subtle differences, such as the GDPR's imposition of 72 hours for companies to notify authorities about data breaches, whereas, in Brazilian law, this notification has no time requirement, it must be reasonable despite being indefinite.
There are some distinctions in detail, such as the requirement under Brazilian law that companies have a person in charge of ensuring good practices, providing services and receiving complaints. Despite this, the GDPR text is still more detailed, reaching 80 pages.
Some sanctions are more lenient in Brazil, where fines range from warnings to data deletion and can reach 2% of total revenue. Under European law, fines can range from €20 million to 4% of a company's annual global revenue.
Furthermore, one of the main differences involves the legal basis for data processing. While the GDPR includes only explicit consent, contractual performance, public task, vital interest, legal obligation and legitimate interest, the LGPD, in addition to these six, includes four more: studies by a research body, exercise of rights in legal proceedings, health protection and credit protection.
Finally, while the law in force in the European Union grants the right to have data forgotten, that is, it gives the user the option to delete information that is no longer relevant, the LGPD does not provide this right for Brazilian users.
Lookalike profiles
Lookalike profiles are those created based on the individual behavior of each user. They are tools for those who run campaigns on social media and Facebook Ads. These were the focus of discussions at the event Impacts of the General Data Protection Law.
Profiles are still allowed, but organizations find these lookalikes and create macro profiles, without sharing the data of their users that originated the final product and sending the latter out. Still, it is important to study the impacts of the law and know about consent when it comes to any matter involving data.
Market research
At first glance, it may be suggested that the General Data Protection Law may affect institutions dedicated to market research carried out on the web. However, these surveys are carried out taking into account information from the selling company, that is, they take place at a final stage of the purchase decision. This factor ensures that the surveys are carried out without any impediments.
It is important to remember that there were rules involving data confidentiality even before the LGPD. This confidentiality has always been a priority for the institutes and the destruction of client data after conducting research is part of the entities' code of ethics.
Defaulting customers
We know that in order for a customer's data to be kept, you need to prove that the customer is active, so how can we deal with defaulting customers in this case? This situation fits into two items of the LGPD: compliance with the contract (if the customer made the commitment via contract, the brand has motivation to use the data) and credit protection (this guarantees brands a legitimate interest in seeking data to allow the collection of what is owed).
Therefore, not all data is acquired by consent, but, as previously mentioned, if the customer requests the deletion of data, the brand has the obligation to do so with those that are related to consent, that is, data provided with consent must be deleted. Those of legitimate interest to the brand, contract data and legal obligations, the brands do not need to delete.
How LGPD affects brands' CRM actions
The law in question does not have any negative effects on CRM data . With it, the information already collected over time must be evaluated and, consequently, invalid records that pollute the database are eliminated. This factor results in more improved control of mining and helps in decision-making, since the company will only have relevant information and valid data.
If you still have any questions about the General Data Protection Law, how about listening to episode 14 of our podcast? In this edition of DoTheMATH, Rodrigo Azevedo (partner and coordinator of the data protection area at Silveiro Advogados) answers thirteen questions about the LGPD for companies, a complete content for you!