Brightpearl uses Amazon MWS API to integrate directly with Amazon to have the broadest possible feature set: managing inventory, orders, fulfillments, and more. Amazon is introducing sweeping changes to their Data Protection Policy, which all third-party vendors must comply with. In response to these requirements, Brightpearl is making changes to how we handle PII (Personally Identifiable Information), in order to be fully compliant with Amazon’s new security standards.
What is PII?
Amazon defines PII as “information that can be used on its own or with other information to identify, contact, or locate an individual (e.g., Customer or Seller), or to identify an individual in context.”
This includes, but is not limited to:
- Buyer’s First and Last name
- Buyer’s email address
- Buyer’s phone number
- Buyer’s Address Line 1, Address Line 2
- Gift message content
- And more - please check out Amazon’s DPP page for more information.
What are the changes that Amazon is making?
According to the new policy, for all Amazon orders the above information can be retained by 3rd party platforms for only as long as it is necessary to fulfill orders, and there is also a 30-day limit on PII storage.
How will this affect the Brightpearl connector?
This change will cause several changes with how Amazon customer data is retained in Brightpearl:
- FBA orders will be downloaded with customer’s PII hidden (obfuscated)
- FBM orders will contain customer’s PII for 30 days after the order is marked as fulfilled or cancelled - after that the PII will be obfuscated
- For all historical Amazon orders that have been fulfilled, customer’s PII will be obfuscated 30 days after the feature is enabled
Affected areas (what data will be obfuscated):
- Order contact information
- Contact record
- GONs: Customer name, email, full address
- Order Invoice: Customer name, email, full address
- Order Payment : Customer name from
- Accounting journals: Customer name, email, full address from
- Order gift message custom field: gift message content
The above change will happen automatically, no need to make changes to your Amazon settings.
What about GDPR?
As a UK company, Brightpearl must abide by the requirements of the EU GDPR (General Data Protection Regulation). Therefore we must furnish you with the data we have collected on your behalf. You will have an opportunity to export the customer data prior to us deleting it by going to your Brightpearl account > Sales orders or “List all customers” view > “Show filter” > “Configure columns” if necessary > “Export”.
Do you think Amazon is doing the right thing? It’s so inconvenient!
This is definitely the right thing for Amazon to do! Data security and privacy is more important than ever. Amazon is protecting customers’ data on our behalf, and as a result, these policies make e-commerce operations more secure and liability-free. In addition, Brightpearl is taking an active stance to be compliant with platform policies, and prevent any damaging interruption in connectivity with Amazon API for our valued customers.