Brightpearl uses Amazon MWS API to integrate directly with Amazon to have the broadest possible feature set: managing inventory, orders, fulfillments, and more. Amazon is introducing sweeping changes to their Data Protection Policy, which all third-party vendors must comply with. In response to these requirements, Brightpearl is making changes to how we handle PII (Personally Identifiable Information), in order to be fully compliant with Amazon’s new security standards.
What is PII?
Amazon defines PII as “information that can be used on its own or with other information to identify, contact, or locate an individual (e.g., Customer or Seller), or to identify an individual in context.”
This includes, but is not limited to:
- Buyer’s First and Last name
- Buyer’s email address
- Buyer’s phone number
- Buyer’s Address Line 1, Address Line 2
- Gift message content
- And more - please check out Amazon’s DPP page for more information.
What are the changes that Amazon is making?
According to the new policy, for all Amazon orders the above information can be retained by 3rd party platforms for only as long as it is necessary to fulfill orders, and there is also a 30-day limit on PII storage.
How will this affect the Brightpearl connector?
This change will cause several changes with how Amazon customer data is retained in Brightpearl:
- FBM and FBA orders will contain customer’s PII for 30 days after the order is marked as fulfilled or cancelled - after that the PII will be obfuscated
- For all historical Amazon orders (orders placed days, months, years before the new setting is on) that have been fulfilled, customer’s PII will be obfuscated 30 days after the feature is enabled
Affected areas (what data will be obfuscated):
- Order contact information
- Contact record
- GONs: Customer name, email, full address
- Order Invoice: Customer name, email, full address
- Order Payment : Customer name from
- Accounting journals: Customer name, email, full address from
- Order gift message custom field: gift message content
Note: All Amazon customers' data will be obfuscated. Amazon customers have unique, Amazon-generated email addresses. If you manually changed an email address for an Amazon customer to reflect their real email address, this data will be obfuscated as well.
- A customer purchases from you via Amazon and Shopify.
- You want to merge same customer record into one.
- You go to Amazon order and update customer email address to the same email they used to place a Shopify order.
- Now in Brightpearl there is one contact record that has a history of Shopify AND Amazon order.
- When obfuscation job is rub, ALL Amazon buyers' data (buyers that are linked to Amazon channel orders) will get obfuscated.
- So the contact record for the buyer on Shopify and Amazon will be obfuscated as well, because Brightpearl is looking for Amazon channels order and ALL customer record under Amazon channels will be obfuscated.
The above change will happen automatically, no need to make changes to your Amazon settings.
How will the order look like in Brightpearl?
Note: Only City, Stare, and Country will stay on a contact record.
What about GDPR?
As a UK company, Brightpearl must abide by the requirements of the EU GDPR (General Data Protection Regulation). Therefore we must furnish you with the data we have collected on your behalf. You will have an opportunity to export the customer data prior to us deleting it by going to your Brightpearl account > Sales orders or “List all customers” view > “Show filter” > “Configure columns” if necessary > “Export”.
Do you think Amazon is doing the right thing? It’s so inconvenient!
This is definitely the right thing for Amazon to do! Data security and privacy is more important than ever. Amazon is protecting customers’ data on our behalf, and as a result, these policies make e-commerce operations more secure and liability-free. In addition, Brightpearl is taking an active stance to be compliant with platform policies, and prevent any damaging interruption in connectivity with Amazon API for our valued customers.