LGPD: 6 Marketing and Sales Strategies You Shouldn’t Do

For you and your company to avoid headaches, it’s important to know how to use the law’s guidelines to maintain your Leads base and also have control over what not to do.

The purpose of this post is for information purposes only – we do not provide legal advice nor are we responsible for measures that may be taken by third parties.

Data protection regulations are transforming how people relate to their data and, as a result, the way companies treat that data. With the entry into force of the General Data Protection Law (LGPD) on September 18, 2020, the dynamics of the Marketing teams with their Leads base changed.

For you and your company to avoid headaches, it is important to know how to use the law’s guidelines to maintain your Leads base and, also, have control over what not to do. A bad example serves to teach us, doesn’t it?

With that in mind, we’ve listed 6 activities that should be avoided, modified (or even abolished) with the LGPD in place.

1. Buy Lists with Leads Data

If this isn’t the worst activity on the list, it certainly ranks among the worst. Buying lists was already considered a bad Marketing and Sales practice, but the LGPD further reinforces the illegality of this activity.

The biggest problem in this process is the acquisition of personal data without the knowledge and authorization of the data subjects, that is, the people who own the data. Remember that any data that can be correlated with a person is considered personal data (such as email or telephone). Therefore, you need the person’s authorization to collect, store, call, send e-mails or make any treatment with this data.

At the end of the day, every company aims to accelerate its business strategies. However, there must be an ethical limit to how this can and should be done.

2. Share Leads Data Without Authorization

If a Lead converts into a Landing Page for your company, you cannot pass the collected data to other companies without making it clear to them – even if they are partner companies. The Lead must be aware of and have authorized the sharing of their data. After all, the data is his.

Leads data sharing between companies tends to be more common when, for example:

  • After a co-marketing action –  It is necessary that the Lead when converting into a Landing Page in which there is co-marketing is aware of which companies are involved, and also that the data collected will be shared with both.
  • After an event – Let’s assume that your company holds an event for your segment. At the event, you structured space for sponsoring and supporting companies. After the event, you decide to share the registration list with all companies that supported the event, without the participants knowing or consenting to this.

. Send emails to Leads without valid legal basis

With the LGPD, the processing of personal data is allowed only in the cases described in the law, the famous legal bases. In other words, in order for you to communicate with your Leads, you must find out which hypothesis of the law authorizes this communication. The legal bases of the LGPD were already the subject of another post here on our blog.

In Europe, the processing of personal data with an “insufficient legal basis” is one of the main reasons for punishment. For example, Tim made several commercial communications in Italy between 2017 and 2019 without authorization, in addition to other activities that violate the GDPR, resulting in the payment of a fine of €27,800,000.00 in January 2020.

To avoid headaches (and your pocket), it’s always important to ensure you have a valid legal basis before sending emails to your Leads. The post LGPD: The importance of principles in the adequacy of legal bases explains important criteria to help you in this analysis.

4. Collect data that is not necessary for your operation

You know that data that you think you’ll use in the future, but you don’t have any use cases mapping yet? For example, that phone field that is present on all of your Landing Pages, when your company’s business process does not involve any telephone contact? The LGPD’s principle of necessity makes it clear that data that is not necessary for its current operation should not be collected.

Using relevant data in decision-making can bring surprising results, especially in Digital Marketing. This is all the more reason for you not to clutter your database with unnecessary data. Now, it is important to understand the real need for data collection, considering the purpose of the treatment authorized by the Lead.

How about taking this opportunity to remove the fields that don’t provide useful information and make your Lead’s life easier when filling out the forms?

5. Use data from your Leads for other purposes

Imagine that a company conducted a survey on food purchasing behavior with 500 people in a large metropolis. After collecting data for research, the Marketing team starts sending offers of the company’s products to respondents.

If respondents have not authorized the data collected during the survey to be used for marketing purposes, the company could not be doing this treatment.

The first three principles of the LGPD  (Purpose, Adequacy and Necessity) discuss the obligation of processing personal data to be carried out for purposes that are clear and compatible with the stated purposes, limiting it to the minimum necessary for the fulfillment of its purposes.

In other words, if the use of personal data was authorized for research purposes only, the law advises that they should not be used for other purposes, such as marketing and sales.

6. Referrals without knowledge of the nominee

A widely used practice to increase lead generation is the referral strategy, which consists of asking (via Landing Page, form, etc.) for a person to indicate another person who may be interested in your offer.

The problem here lies in the fact that your company will receive data from people who may not be aware that they are being referred. In the case of referral, the ideal is to ensure that the person is aware that their data is being passed.

For example, you can add an accountability checkbox where the person you are referring ensures that the referred Lead is aware. Also, a good practice might be a welcome double opt-in email for the referred Lead, with the name variable of the person who made the referral.

It’s not enough to know what not to do about the LGPD

So, did you like the tips? Remember that just not executing any of these bad practices does not guarantee that your company or your digital marketing strategy is in compliance with the LGPD. It is necessary to consider the Data Protection guidelines in all activities that include personal data, such as collecting, storing, sending communications, among others.

And if you have Leads or Leads data that fits any of the activities listed, it’s time to rethink and adjust your strategies as soon as possible. Each company has specific realities and needs to comply with the law, however, there are very positive medium/long term perspectives for companies that seek to leverage their results and metrics within the law.