10 Marketing Processes You Should Rethink under the LGPD!

10 Marketing Processes You Should Rethink under the LGPD!

9 months ago
8 minutes

One of the biggest dilemmas for those who start studying and understanding the LGPD more deeply is the realization that, as challenging as the compliance process may be, it is only the beginning. Yes, a series of changes and adjustments should now become part of the company's routine. There are several marketing processes involving personal data that you must reconsider now because of the LGPD!

Therefore, compliance with the LGPD goes beyond setting up a cookie banner or updating the privacy policy. Depending on the size of your company, numerous processes need to be reviewed and adjusted to the new realities established by the law.

The bureaucracy may seem extensive and never-ending for companies. However, we always need to put ourselves in the shoes of visitors, data subjects. Remember, both you and I are data subjects before being companies or professionals – we are citizens! The LGPD's priority is precisely to empower data subjects so that they, as individuals, have full rights and access to the necessary information regarding the use of their personal data.

That's why we're here!

Let's be the professionals who see the legislation as a new opportunity to raise the bar, to apply our knowledge with quality and respect to our clients and visitors!

The LGPD has brought new rules, new marketing processes, new positions...

So, how can we not anticipate the new standards and the new quality references that will ultimately be perceived by our clients?

One of the beautiful concepts, such as Privacy by Design (we've already discussed it here on the blog), can and should always be brought to the forefront!

That being said, I want to help you! Below, then:

The 10 marketing processes you should rethink because of the LGPD!

1 - Sharing data lists with suppliers and third parties (freelancers, real estate agents, salespeople...)

If by this point it's not already obvious to you, I don't know how else to make clear the risk of this type of sharing. After all, the visitor has provided their personal and sensitive data to the company. They have no way of knowing that you have numerous other people hanging on to your mailing list.

So be very careful with this practice! Especially if there is no confidentiality or liability agreement between the parties involved!

It may be that your business model requires this distribution of data, so reinforce it - clearly, in your policy and terms! Remember, when in doubt, prioritize privacy!

2 - Receiving customer email lists to upload to Facebook for matching and look-alike audiences.

Does this list have consent for Facebook actions? What is the origin of the list? You may have noticed that since GDPR, Facebook has already been questioning advertisers when they upload email lists... I wonder why, right?

Whether you are a marketing department or a third-party agency to the client, always question these lists and avoid extending the channels of direct communication with the customer as much as possible, as it may violate consent and/or the legal basis that supports the use of the data.

3 - Buying cold lists to send emails, SMS, and SPAM. (If it was a crime before, now it's even more so)

Who hasn't thought about "obtaining" a contact list, cast the first stone! Or even, who has never been approached by companies that sell these cold leads!

Lucky are those who generate quality content and transparency to the point where visitors trust the company with their data...

It's no wonder that email marketing tools have numerous warnings to avoid spam. It harms everyone's reputation, and the internet has no patience for spam, agree?

4 - Exchanging email lists for sending articles and newsletters with partners and clients.

(A practice that may seem innocent but can violate the rights of data subjects)

It may seem innocent, but it's only an appearance! Just like the points above, data subjects have entrusted their data for that exclusive purpose. Any interaction that goes beyond that can directly violate the rights acquired through consent and/or legal basis.

5 - The agency as a whole has access to clients/visitors' email lists.

(Access levels for sensitive data - responsibility contract)

Here we enter the realm of management and processes! Several marketing tools allow us to create hierarchies within their user accounts. This is precisely because each person has their level of activity and responsibilities.

It is a fact that many companies today work with decentralized or even horizontal management. But when things go wrong, who will be held responsible? Avoid problems by reviewing approval levels and access to data according to your team's responsibilities. After all, the actions of one employee affect the entire organization, and this should be considered as a contingency.

6 - Hiring freelancers and professionals with high turnover without a data responsibility contract with clients.

(The infamous "flash drive")

This point is quite similar to the previous one bu,t has an even greater detail. Third-party professionals have limited or even extended responsibilities based on their contracts and the criteria they are bound to. So, every time a third party has access to your company's database, what security do you have over that data?

What guarantee does the data subject have when the data is exposed? Yes, it's basic! But there have been many cases of Employee X or Agency Y who deleted everything before leaving or took everything with them. And then? Was there a contract?

7 - CTAs in campaigns and ads saying "leave your contact information below if you want to receive..."

This CTA (call-to-action) may seem "cheesy," but it is still widely used, and as they say, "if there's a rule, it's because there's a story behind it," meaning it works.

Be cautious with this kind of approach, especially if your audience is less tech-savvy and unaware of the risks of the internet.

Remember the case of people providing their data on a Facebook post to get a superhero credit card? Well, you don't want your company's reputation to be associated with an opening for scammers.

8 - Offline actions without a strong data collection guideline (legal basis) or associated consent.

The LGPD is not only applicable to the online environment. So, which offline, in-person actions should also be adapted to comply with the guidelines? Do you use registration forms? What is the data collection process in physical environments?

Every company has its own reality, but I have seen companies using "offline" consent forms (actual printed forms) to be attached to visitor registrations! Or even collecting all registrations via tablets, where consent is also recorded in the CRM.

Our radar should be tracking both online and offline! If you bring everything online, for example, through QR codes, you can use the AdOpt cookie banner as your consent tool and also implement tracking tags on the same landing page!

Perhaps this way, you can not only automate the opt-in process but also have authorized remarketing at the same time!

9 - Maintaining email just because.

The days when that Excel spread sheet full of emails from the 90s was considered a treasure for a company are gone.

Aside from being a vanity metric, it is also a significant cost within automation tools. Outdated and cold email lists pose a huge risk to the organization today. Avoid it, eliminate all of that, and make an effort to obtain updated consent from your active base as soon as possible!

Don't say I didn't warn you!

10 - Including personal data (such as personal cell phone numbers) in the Company's organizational chart without obtaining approval in the employment contract.

Some companies like marketing agencies, have their organizational chart, a source of joy for SDRs when making those old-fashioned cold calls and scheduling appointments for the Field Sales team! #WhoHasNeverDoneThat?

If you're not familiar with it, let me explain!

Many agencies, especially the larger ones in São Paulo/BR, still have the infamous "organizational chart" displayed at the reception.

Accessing this file brings great joy to the sales team because it not only reveals the decision-makers but also provides their contact information!

However, there is also a potential danger lurking here!

If your organizational chart contains not only employees' professional data but also the personal cell phone number of an employee who didn't want to use two phones, for example...

Is this sharing of personal data specified in the employment contract?

It may not be a problem now, but in times of crisis, labor law can utilize all available resources. Why wouldn't it consider this aspect as well?

In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.

Do you remember any other processes that could be included in this list?

Comment below, maybe it will help colleagues in the journey of compliance!


Data Protection Officer - DPO

Related posts

Adopt post

Understand the meaning of the LGPD for your company

Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?

Adopt post

Best practices in tag categorization

It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.

Adopt post

The Differences Between Data Controller and Data Processor - LGPD

Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.

Adopt post

What is the difference between cookies, local storage, and session storage?

Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!

Adopt post

GDPR, LGPD, and CCPA: What Are These Laws, Similarities, and Differences

LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.

Adopt post

Data Mapping or Data Inventory - a life jacket for the DPO!

With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.

Adopt post

What is a privacy policy?

A privacy policy is a document that outlines how an organization collects, uses, discloses, and manages a customer's data. It's essential for building trust with users and complying with legal requirements. However, if you're not familiar with it, don't worry as we're here to help you.

Adopt post

Responsibilities of a data protection officer.

Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.

Adopt post

ROPA in LGPD? Get to Know the Records of Processing Activities.

Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them are imported from other countries and regulations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.

Adopt post

Understand the legal bases of the LGPD

At the beginning of everything are the legal bases of the LGPD, that is, the legal grounds (legitimate reasons) why companies not only can, but must access customer data in order to do their jobs well.

Adopt post

Why are cookie banners everywhere?

Want to understand why there are cookie banners on every website you visit today? This article is for you!

Adopt post

How to delete cookies and cache in Chrome and other browsers?

Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular website? Want to delete all cookies from a specific service or site?

Adopt post

LGPD and Cookies all do you need to know?

In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.

Adopt post

Fines in LGPD - What are they, amounts, and compliance deadlines

In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).

Adopt post

Key Differences between LGPD and GDPR and the Impact on Internet Cookies

While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.

Adopt post

How to choose a Cookie Banner for your website

What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!

Adopt post

LGPD for marketing | A practical guideline.

Every day, millions of users generate data on the web, which is used by companies around the globe to improve their offerings. Therefore, in 2018, a law was created to regulate the use of personal data by companies, and this directly impacts digital marketing. We're talking about LGPD.

Adopt post

The impact of privacy regulations, like LGPD, GPDR... on Inbound Marketing

Those who do not operate in accordance with LGPD's provisions risk facing penalties ranging from warnings to the suspension of their website, databases, and hefty fines.

Adopt post

LGPD: An Opportunity for Digital Marketing Agencies!

Have you ever thought that your marketing agency could find a great business opportunity in LGPD? Well, unlike what many think, it brings changes that can accelerate the demand for the services of these companies.

Adopt post

5 Signs Your Website Needs an Cookie Consent Strategy

How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.

Adopt post

Why Give Consent on Every Website I Visit?

Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.

Adopt post

Google Consent Mode: Guida per Principianti ed Esperti.

Con le leggi sulla privacy che fioriscono in tutto il mondo, Google (Alphabet) si è finalmente trovata obbligata ad adattare i suoi strumenti per essere conformi alle nuove normative come GDPR, LGPD, CCPA, PIPEDA, DPDPA, ecc.

Address: 7345 W Sand Lake Road, Ste 210 Office 5898 Orlando, FL 32819
EIN: 86-3965064
Phone: +1 (407) 768-3792



Legal Terms

© GO ADOPT, LLC since 2020 • Made by people who love