Monthly Archive February 2020

LGPD: What does the new Brazilian data protection law say?

People must have control over their personal data and must understand the legal framework of digital businesses. This is because, unfortunately, users’ personal data are often illegally captured, which can compromise their privacy. This whole scenario led to the creation of the General Data Protection Regulation (GDPR) for the European Union, which came into force in May 2018, and now Brazil is preparing to adjust to the new law, very similar to the one that already exists in the Europe. After more than eight years of debates in civil society, Law 13.709 / 2018, the Brazilian Data Protection Law, arrives. The legislation (LGPD) was enacted on August 14, 2018 and is expected to come into effect, definitely, this year. In today’s article, we will know the main points of this legislation.

Concepts of the new law

The holder of the data is the person that the law aims to protect and is the carrier of “personal data that are subject to treatment”, so that legal entities of a collective nature are excluded from the scope of the new law: this law is exclusively to protect people.

The concept of data processing is very important in this legislation and is defined as “any operation carried out with personal data, such as collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, archiving, storage, disposal, evaluation or control of information, modification, communication, transfer, diffusion or extraction”. This context is very broad and applies to all data processing operations carried out by an individual or collective person, both in the public sector and in the private sector. In order for the law to apply, this data processing must be carried out in Brazilian territory. In the case of foreign citizens, personal data are subject to the new law when they are collected in Brazil and when their treatment is intended to provide goods or services in Brazil.

What will change in practice?

Obligation to delete data when required by the user

Citizens will be able to require companies to delete their personal data, whenever requested by users. The new regulation allows the personal data of each citizen to be destroyed at his request.

Data portability

Citizens may require companies to send their personal data in a format that allows them to be sent to another company, facilitating their migration and making it simpler to change service provision. Whenever a citizen changes banks or a television service provider, he or she will not have to provide his/her personal data again, as they can be easily migrated from one company to another.

Need for express user authorization

Citizens will have full information about how companies treat their data, how they store it, how long they store it and with whom they share their information. The new law applies to all activities involving the use of personal data, including treatment over the internet.

Obligation to notify in case of violation of personal data

Businesses and organizations have a duty to notify the competent authority in situations which put individuals at risk and to communicate to the citizen concerned all high-risk violations as quickly as possible so that appropriate action can be taken. In case of data leaks, the company must inform the competent authority (National Data Protection Authority, an indirect public administration body linked to the Ministry of Justice), which will be responsible for monitoring, implementing and enforcing the law , within a “reasonable period”.

What happens in case of default?

In case of data leakage or any other violation of the law, fines may reach 2% of the billing, with a limit of R $50 million, and may also imply the suspension of the company’s activities.

4 steps to store data in the Cloud

The Cloud is an option increasingly used by companies. However, there are still many doubts related to this technology, especially with regard to security. Cloud Computing is an IT solution that allows online use of computing resources, using the Internet. Uncomplicated: wherever you are, you can access your programs and files by simply having an Internet connection. With multiple users and multiple access points, it is essential to take some precautions in order to guarantee data privacy. In today’s article, we present 4 precautions you should take when storing data in the Cloud.

Read More

3 Information Security Lessons We Learned From Black Mirror

You certainly know Black Mirror, a series in which each episode tells us about the use we make of machines and the power we give them. Chatbots, virtual reality and drones are some of the topics covered in this series that make us think about our ethical values ​​and their relationship with technology. Behind each episode, there are several messages to keep in mind, many of which are related to information security. For today’s article, we’ve selected 3 security lessons we learned from Black Mirror!

Read More

4 measures for your company to conform to the GDPR

Although little is said about GDPR today, the law exists and it is mandatory to comply with it. There are many companies that have not yet prepared themselves to protect their data in accordance with the new legislation. The fines are quite high and it is unconscious not to be concerned with the information of your business, as the exposure of sensitive data can seriously compromise the organization’s survival. Therefore, we have prepared this article where we present you 4 measures for your company to adapt to the GDPR!

Read More