Blog

The General Data Protection Law (LGPD) in Brazil



By Marcelo Carvalho, DATAPEERS commercial in Brazil

The LGPD (Law No. 13.709, of 08/14/2018) entered into force in Brazil on September 18, 2020, and with it we became part of a select group of countries that have specific legislation protecting their citizens' personal data.


The main goals of the LGPD are:
• Ensure the right to privacy and protection of users’ personal data through transparent and secure practices, guaranteeing the fundamental rights of Brazilians;
• Establish clear rules regarding the processing of personal data;
• Promote competition and free economic activity with data portability;
• Strengthen the security of legal relationships and the holder’s trust in the processing of personal data.


LGPD compliance is not an option. A company that does not comply with security regulations is subject to a fine of up to 2% of its revenue, in amounts that can reach R$50 million, and may have its activities suspended by the National Data Protection Authority.

The Importance of Data Anonymization and DATAPEERS


The General Law for the Protection of Personal Data mentions anonymized data: data that originally related to a person but has gone through steps that ensure it can no longer be linked to that person. If data is masked, then the LGPD will not apply to it. Note that data is only considered effectively anonymized if it does not allow, by technical or other means, the path to be reconstructed to “discover” who the owner of the data was. If identification can occur in any way, then the data is not in fact anonymized; it is pseudonymized data and remains subject to the LGPD.


According to specialists, masked data are essential for the growth of artificial intelligence, the internet of things, machine learning, smart cities and behavior analysis, among others. They also recommend that, whenever possible, public and private organizations anonymize personal data, as this improves information security in the organization and thus generates more trust in its services among its audiences.


DATAPEERS is an innovative and automated solution that allows data anonymization and masking and helps companies comply with the privacy requirements of their data, increasing the quality of software development, testing and certification processes, ensuring greater flexibility and protection of information that sometimes needs to be shared with customers, suppliers and service providers.


DATAPEERS ensures that sensitive data is replaced with new anonymized data and that new data is secure and consistent based on the originals.

GDPR vs LGPD: the similarities and differences

It is likely that you have heard of LGPD or GDPR, and even know the main purpose of the regulation. However, despite having the same basic concept, they also have some differences that you should know, especially if you are operating simultaneously in the European and Brazilian markets.

To help you, we briefly clarify the main SIMILARITIES AND DIFFERENCES between the two regulations.

Description
GDPR: General Data Protection Regulation
LGPD: General Data Protection Law

Date of entry into force
GDPR: May 25, 2018
LGPD: August 20, 2020

Where
GDPR: European Union
LGPD: Brazil

Who oversees
GDPR: CNPD (National Data Protection Commission)
LGPD: ANPD (National Data Protection Authority)

Main Concepts
• Protection of Personal Data (name, email …)
• Regulates consumers’ rights and duties of companies regarding data collection and processing
• Determines the concept of sensitive personal data

User guarantees
• More Privacy
• Stricter control over your personal information
• Greater transparency

Security Means
GDPR: The data must be encrypted and masked in databases
LGPD: Guidance for keeping data safe (each company defines how to protect it)

International Application
GDPR: Companies that collect, store and use EU citizen data must match the GDPR
LGPD:
• Companies that collect, store and use data from Brazilian citizens must comply with the LGPD
• Companies in Brazil that have their business in the EU must adopt the 2 standards

Data Portability
• The holder is entitled to require that his data be transferred to another service provider
• The holder must be informed about all transitions / portabilities to which his data is subject.

Data leakage
GDPR:
• Must be reported within 72 hours after being detected
• The consumer must be informed
LGPD:
• Must be reported shortly after being detected
• The consumer must be informed

Consent to obtain data
GDPR:
• Explicit consent
• You may have to demonstrate to the authorities how you got permission from the holder
LGPD:
• Holder consent is not required

Exceptions
• Execution of a public policy provided for by law
• Compliance with a legal obligation
• Conducting studies through research bodies
• Protection of a citizen’s credit
• Preserving a citizen’s life and physical integrity

TIPS FOR IMPLEMENTING A DATA MASKING SOLUTION

Data security is an increasingly important issue for the future of companies, so it is essential to find solutions that prevent a possible breach. One of the most efficient ways to prevent it is to ensure that sensitive data is masked through a solution that is consistent, controlled and compatible with the organization’s entire information system.


Big Data: Why use this technology

Do you know what Big Data is? And do you know how this technology can help your business? If your answer is no, you should continue reading this article.

Big Data Analytics is the process of collecting, organizing and analyzing large sets of digital data in order to discover patterns and useful information. Through mathematical algorithms, Big Data makes it possible to reveal patterns, correlations, trends and consumer preferences. Cross-referencing or correlating these data can help companies, whatever their size, identify the data and behavioral patterns most relevant to the organization’s decisions.

Cybersecurity investment

Global market investment in cybersecurity has increased, and it is estimated that throughout 2020 it will grow up to 5.6%, according to data from the Canalys study. The investment is expected to reach 43.1 billion dollars in network security services, endpoints, web, e-mails, vulnerabilities and security analysis. 36% of expenditures correspond to maintaining network security. This widespread increase was a consequence of the increase in remote work and the need for companies to remain competitive.

Investing in cybersecurity allows you to ward off virtual threats and therefore protect your company and customers financially. Whenever customers realize that they are putting their data at risk, they will consequently lose their confidence. 

GDPR: Main features and how to avoid fines

Two years after the enactment of GDPR in the European Union, we revisit its main characteristics. The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, presents a single set of rules relating to the protection of individuals with regard to the processing of personal data and the free movement of such data.

This regulation began to be enforced on 25 May 2018, and applies to companies that are established or operate within the European Union. This law came about mainly due to the boost in electronic commerce, with the aim of protecting and guaranteeing a higher level of security for European consumers in this digital environment. The new regulation defines how companies and public entities collect and process their customers’ personal data.

HOW TO IMPROVE DATA SECURITY IN YOUR COMPANY

Having a technology that allows companies to handle the huge amount of data created daily can have several advantages. In today’s article, we present some methods to keep your data untouchable.

Coronavirus and computer attacks: learn how to protect your network

Hackers take advantage of the weakest moments to launch computer scams and steal data. Digital threats have been immense in recent weeks, as those responsible for them take advantage of people’s concerns about the new coronavirus or Covid-19. There are many people looking for information about the disease and hackers take advantage of this to send messages with fake news. In this way, they spread a series of malware, created with the aim of stealing information, whether corporate or personal. Here are 5 tips to protect yourself from computer attacks this season!


How to protect your company’s information in the coronavirus outbreak?

The coronavirus began to be reported in late 2019. It has reached almost 200 countries worldwide and has been causing fatalities all over the place. We live in a time of pandemic and not only will our health be affected, but the “health” of companies will also be threatened. A large number of organizations have adopted home office as a way to protect their employees and prevent the spread of the disease. In an era when we all have to be more aware of protection, it is essential not to neglect the security of the data we deal with on a daily basis. In today’s article, we’ll see how we can protect information in the coronavirus outbreak!


Find out how to apply the 3 pillars of information security in your company

Information security refers to the union of tools, strategies and policies that guarantee the protection and integrity of information. The pillars of information security support the structure of the solutions, methods and tools to ensure that data remains secure and private. Integrity, confidentiality and availability are the pillars of the security of any company. We will then see how we can apply each one of them in your company!
