Since the LGPD (Law 13.709/2018) was enacted, many retailers have wondered what they should do to adapt their e-commerce operations. In this post we’ve compiled the main information and tips you need to know to avoid future problems.

The Law provides for the processing of personal data by public and private companies, establishing rules for the protection of such data – which may be from the company’s customers, suppliers and employees.

In other words: everything your e-commerce does with the data it collects falls under the LGPD, even something as simple as collecting an e-mail address, a date of birth or a CPF.

Tips for e-commerce stores to comply with the LGPD

Review customer data

The main form of data collection by e-commerce is customer registration. First, reassess the need for each item to be collected.

The new law prohibits requiring personal data as a condition for accessing services and products. If the store makes any field mandatory, such as date of birth, that requirement needs to be reviewed. Data essential for using the service, such as an e-mail address to log in or an address to receive the product, is an exception.

Request authorization to communicate with the user by email, SMS and WhatsApp, and remind them, whenever a message is sent, that they have already authorized such action. It is also important to provide an option for the user to stop receiving these messages whenever they wish.

A good tip is to add a box for the data subject to mark, consenting to the collection of their personal data for sale. The text must make it very clear how the data will be used by the company. It can be placed on the checkout page.

Attention to sharing personal data

The company needs to be as transparent as possible about this, because data subjects need to consent to the sharing of their personal data with third parties and must be told how and why it will be done. For example, if your online store outsources its telemarketing service to another company, this constitutes data sharing. If your store uses an anti-fraud partner, your customer will also need to know about this.

It is also worth saying that when you share information with third parties, your e-commerce remains responsible for this data. Therefore, all partner companies also need to comply with the LGPD. Review the compliance policies and security practices of all of them.

Set a deadline to respond to requests from data subjects

The LGPD also sets a time period within which companies must deliver the information when a data subject requests information about the processing of their personal data.

An important tip to help with this task is to create a data map, since it allows the responsible department to readily identify the data used and the categories it falls into, and to optimize existing processes.

Strengthen the security of your e-commerce data

Personal and sensitive data must be correctly mapped throughout the e-commerce IT infrastructure (that is, in databases, servers, workstations and communication channels between employees and customers) so that gaps in data protection can be found.

From there, you can invest in data monitoring tools, preventing incidents and anticipating problems that may occur.

Review the Privacy Policy and Terms of Use in your e-commerce

The Privacy Policy, which must be linked on every site, should be reviewed, covering:

  • purpose of collecting cookies and how the brand will treat them;
  • purpose of collecting registration data and how the brand will treat it;
  • purpose of collecting the wish list and how the brand will treat it;
  • purpose of collecting newsletter, contact and other forms and how the brand will treat them;
  • option for customers to know what data the company has about them and to delete it;
  • the actions that protect data internally and externally.

This also includes the cookie policy. Don’t forget to include a message about cookie collection on your e-commerce homepage, asking users for consent.

This cookie policy helps to explain to users how these cookies are being used and how the information collected is being managed by the company.

Consult your legal department or a lawyer

They are in charge of advising on what else your company will need to do, legally speaking.

What happens if the LGPD is not met?

Since the legislation is so strict, failure to comply with it carries very severe penalties. Punishments include 2% of the company’s revenue or up to R$50 million per infraction, depending on its severity. The collections should probably start from January 1st, 2021, but the adaptation should start now, so stay tuned and get compliant!

If you need to implement any changes in the store's front end, contact us to receive a quote.
