Since September 2020, companies' online actions regarding the data of their suppliers, customers, and employees require greater care. This was the milestone since the General Data Protection Law (LGPD) came into effect. Therefore, LGPD also has an impact on inbound marketing.

And for those who have not yet adapted, time is up! Since August 2021, LGPD the a grace period for compliance ended, and now the consequences are in effect!

In other words, currently, those who do not operate in accordance with LGPD's provisions risk facing penalties ranging from warnings to the suspension of their website, databases, and hefty fines. To prevent this from happening to your website, keep reading and learn how to adapt it, along with inbound marketing, to LGPD.

The General Data Protection Law was approved back in 2018, although it only came into force last year. This norm imposes a series of obligations that apply to websites, companies, and organizations in general. It actually affects all types of institutions that have access to and use personal data, such as names, addresses, CPF, phone numbers, etc.

Its goal is to ensure transparency and fairness in how a page with its visitors, for example, uses their data! After all, concerning online data, consider that websites capture information about the users who visit them and also those who use their services.

This data capture occurs in various ways. For example, forms, newsletter registrations, downloading of rich content, whether for informative or commercial purposes. Oh, and cookies as well. Also, through digital marketing tools like Google Analytics.

Thus, LGPD requires that marketing actions aimed at collecting data be reviewed. After all, according to the law, users must now be informed about the types of data the website collects, how it uses them, the purposes for which it applies, the usage period, and - no less important - provide a channel for citizens to request the removal of their data whenever possible.

And all of this, of course, must be done with the user's consent and permission, for those who use Consent as a Legal Basis, and/or well-founded in other legal bases in your industry, and/or complementary. Thus, such compliance and direction must also be expressed so that the page safeguards its rights to use this data, in accordance with the law.

Info

It's worth noting - The use of personal data has not been prohibited but regulated. Therefore, its use requires adaptation and compliance with certain requirements set forth in the law.

LGPD brought requirements regarding transparency and the possibility of using data by everyone, including websites. Therefore, data capture is now under greater control, so that everyone can have an idea of how their data is used and the limits of that use.

That's why it directly affects inbound marketing, i.e., attraction marketing. It encompasses all the actions your company takes to attract the attention of potential customers who, when they become interested in your content, services, or products, sign up or make a purchase. In other words, it's for lead generation.

For example, when you have a landing page for a product or service. Or when you offer exclusive content, such as videos or e-books, in exchange for registration. Similarly, in contact forms.

All of this involves the use of consumer data, right? Therefore, it also requires clarity regarding the use of this information and the precautions taken to maintain the individual's security and privacy.

So, note that everything related to data capture must be explained to the visitor or customer. And this should be done through a Privacy Policy that provides all the information on how the data is processed and stored. And if your service is offered in the digital environment, clarity in the Terms of Use is also essential.

As mentioned earlier, the deadline for adapting pages and their actions regarding user data, according to LGPD, has already ended. Therefore, now all those that are not in compliance with the law are in a risk zone. This risk may not necessarily be completely eliminated, but it can be controlled and well managed.

But how do you adapt your inbound marketing actions according to LGPD to avoid fines and warnings, as well as suspensions? That's what you'll find in the items below, so be sure to check them out and, most importantly, implement these solutions.

First and foremost, your marketing must ensure that it is only collecting data that is truly necessary for the actions to be performed. For example, in a sale, you will need to know card data, CPF, full name, and address.

On the other hand, there is no sense in requesting specific data such as race, sexual orientation, religious or political preferences. All of this is irrelevant for the action you intend to take, so collecting and using data like these is not justified.

When the goal is privacy, less is more - literally.

Similarly, understand that each specific lead will have specific authorizations. But what does that mean? Consider that a visitor to a page subscribes to receive informative content you produce. In this case, authorization relates solely to this type of sending.

Therefore, in this case, you cannot use the registration data to send advertisements for products and services you have or offers you provide. After all, this goes beyond the reason the consumer gave their data.

So, consider that every time there is a subscription for an action, there will be a specific authorization for that purpose. The consumer must give authorization for each act in which their data is disclosed.

In this way, consider that a subscription for informational purposes has an authorization that demonstrates the specific purposes of use; another one for registering for offers; and another one for registering for a purchase.

Unfortunately, many companies register email addresses delivered for other purposes in their newsletters. This should not be done!

Here we have another article to help you with the adaptation of these digital marketing processes that go beyond inbound marketing; it's worth taking a look if you are new to this.

Furthermore, it is essential that your company has a clear and concise privacy policy!

Many companies choose to include it along with the cookie banner links, but that's a matter of preference and taste. Avoid legalese, don't create mazes for your readers, and focus primarily on the accuracy of the information. After all, a policy, when accepted, has implications for both parties, so fulfill what is stipulated there.

Here we have some articles to help you review and understand privacy policies. After all, what is a privacy policy and is there an ideal policy for your company?

One of the main metrics that is impacted by LGPD, specifically by the use of a properly configured Cookie Banner, is Analytics metrics. This happens because the cookie banner, or CMP, must allow the firing of each service's cookies only after the user's consent is given in that specific banner.

As the vast majority of visitors reject or simply ignore them, not all visitors to your site give consent to Analytics. Therefore, the numbers will drop significantly. It is estimated that only 1 in every 5 visitors gives consent. So, don't despair because this is expected, and there are other solutions for analytics that do not use cookies and/or trackers that are blocked in the banner, respecting privacy. One of them is Cloudflare, which, in addition to its performance services, can also provide analytics estimates.

Of course, it will not be of the same quality and traceability as Google Analytics, but you can create a multiplier based on the difference found to analyze the discounted numbers more accurately.

Once the importance of using personal data only for the purpose for which it was actually collected/accessed has been emphasized, it is necessary to highlight that your marketing automation tools must reflect these purposes. Therefore, review your automations and be sure to include them in your Privacy Policy since many of them not only process and store data but also trigger cookies.

Knowing that many companies use their automation tools as CRMs, in fact, with a repository of company data as a whole, avoid storing unnecessary or outdated data. Always seek to clean up useless or "cold" data, which means data that has no consent or has been in the system for a long time.

Remember, having a database with millions of contacts is of no use if it is not engaged and if it has been accessed in a way that is currently illegal. Attention! This number can be a vanity metric, and if its use is not supported by a legal basis, it is wrong.

Therefore, your effort should be to always keep the database active and appropriate. One way to speed this up is to link the consents generated by your site's cookie banner to the registration of personal data of your visitors in your CRM.

Many of our clients already do this, which helps even in responding to customer requests.

With the help of a programmer, access the AdOpt Call-Backs and link the data generated by AdOpt to your site's form submissions. So, every time someone fills out the form, AdOpt will also provide the AdOptID for a hidden and custom field in your form, feeding the CRM with that information associated with the provided data.

Then, with campaigns to encourage visits to linked pages, you can use the AdOpt tool as an additional layer of security, through the generated consent, now attached to that lead.

These were just some points for those looking to start the adaptation of their marketing to LGPD. So, if you have any questions or even suggestions for more points that we can list here to help in this process, send them to us!