LGPD: What does the new Brazilian data protection law say?
People must have control over their personal data and must understand the legal framework of digital businesses. This is because, unfortunately, users’ personal data are often illegally captured, which can compromise their privacy. This whole scenario led to the creation of the General Data Protection Regulation (GDPR) for the European Union, which came into force in May 2018, and now Brazil is preparing to adjust to the new law, very similar to the one that already exists in the Europe. After more than eight years of debates in civil society, Law 13.709 / 2018, the Brazilian Data Protection Law, arrives. The legislation (LGPD) was enacted on August 14, 2018 and is expected to come into effect, definitely, this year. In today’s article, we will know the main points of this legislation.
Concepts of the new law
The holder of the data is the person that the law aims to protect and is the carrier of “personal data that are subject to treatment”, so that legal entities of a collective nature are excluded from the scope of the new law: this law is exclusively to protect people.
The concept of data processing is very important in this legislation and is defined as “any operation carried out with personal data, such as collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, archiving, storage, disposal, evaluation or control of information, modification, communication, transfer, diffusion or extraction”. This context is very broad and applies to all data processing operations carried out by an individual or collective person, both in the public sector and in the private sector. In order for the law to apply, this data processing must be carried out in Brazilian territory. In the case of foreign citizens, personal data are subject to the new law when they are collected in Brazil and when their treatment is intended to provide goods or services in Brazil.
What will change in practice?
Obligation to delete data when required by the user
Citizens will be able to require companies to delete their personal data, whenever requested by users. The new regulation allows the personal data of each citizen to be destroyed at his request.
Data portability
Citizens may require companies to send their personal data in a format that allows them to be sent to another company, facilitating their migration and making it simpler to change service provision. Whenever a citizen changes banks or a television service provider, he or she will not have to provide his/her personal data again, as they can be easily migrated from one company to another.
Need for express user authorization
Citizens will have full information about how companies treat their data, how they store it, how long they store it and with whom they share their information. The new law applies to all activities involving the use of personal data, including treatment over the internet.
Obligation to notify in case of violation of personal data
Businesses and organizations have a duty to notify the competent authority in situations which put individuals at risk and to communicate to the citizen concerned all high-risk violations as quickly as possible so that appropriate action can be taken. In case of data leaks, the company must inform the competent authority (National Data Protection Authority, an indirect public administration body linked to the Ministry of Justice), which will be responsible for monitoring, implementing and enforcing the law , within a “reasonable period”.
What happens in case of default?
In case of data leakage or any other violation of the law, fines may reach 2% of the billing, with a limit of R $50 million, and may also imply the suspension of the company’s activities.
3 Information Security Lessons We Learned From Black Mirror
You certainly know Black Mirror, a series in which each episode tells us about the use we make of machines and the power we give them. Chatbots, virtual reality and drones are some of the topics covered in this series that make us think about our ethical values and their relationship with technology. Behind each episode, there are several messages to keep in mind, many of which are related to information security. For today’s article, we’ve selected 3 security lessons we learned from Black Mirror!
Machine Learning and Security: How to Keep Information Safe?
Many companies have started using machine learning to protect their information. In addition to increasing efficiency in data protection, applying artificial intelligence techniques to information security enables companies to be able to prevent attacks in real time, thus avoiding financial loss. Protecting information is a constant concern within companies and with the arrival of the so-called Fourth Industrial Revolution, machine learning solutions are capable of learning behaviors and setting new security standards. In today’s article, we’ll take a look at how machine learning helps keep business information secure!
GDPR: What has changed throughout its implementation?
Much has been said about the GDPR in 2018. The new regulation came into force in May last year and thousands of news related to the law came out. A year and a half after its arrival, few people talk about this legislation that promised to drastically change the way companies relate to their customers and business partners. We are currently experiencing a “non-reaction” phase to the GDPR, which could compromise data security and could result in huge fines for non-compliant. We will understand in this article what is the state of play regarding the General Data Protection Regulation!
Meet the new data protection laws in the world
Today’s world is digital, so more and more companies are taking advantage of information and big data to gain relevant insights into markets and the business itself. Internet access is nowadays universal and the massive use of social media captures a huge volume of data. Data privacy is one of the key challenges facing companies today. There is a growing collection of user data, and more and more computer attacks that expose private data and cause huge financial losses to businesses. To combat these threats and to ensure that sensitive information remains private, several countries and regions have begun to implement measures to punish organizations that don’t safeguard information security. In today’s article, we will learn about the new data protection laws in the world!
Understand the difference between data security and privacy
Data security and privacy are two concepts that go hand in hand. Many people confuse the concepts and think they are the same thing. However, while they have the common goal of protecting sensitive data, data security and privacy are not the same thing and have different approaches to achieving the goal they share. In today’s article, we will understand the differences between these two concepts and understand how we can keep data private and secure!
The importance of data storage for business security
Good management should be based on relevant business, process, market and stakeholder information. In order to have reliable data management, it is becoming increasingly important to use an efficient data storage system in organizations. Proper storage of data is essential for keeping it safe and confidential. The company needs to have a strategy so that the use of technological tools gives the business intelligence. In today’s article, we will see how important data storage is for business security.
5 Security Mistakes That Compromise Your Data Security
Data is becoming increasingly important to companies and action must be taken to protect it from loss and theft. However, there are many companies that still don’t pay due attention to data security and endanger all business continuity. In today’s article, we addressed the 5 security mistakes that compromise your data!
Find how to define security within your business processes
Computer attacks have increased in number and quality in recent years and the consequences for businesses are increasingly serious and unexpected. Security policies within organizations are gaining increasing importance and it is essential that they are also implemented in business processes. Depending on the severity of the computer attack, companies may suffer partial or total loss of data and this loss may even be irreversible. In today’s article, we leave you with some tips for setting security within your company’s processes!
How can your company use the data in the best way possible?
In recent times, much has been said about the importance of data for organizations. The truth is that it is through information that companies are able to make business-friendly decisions. Due to the new general data protection law, companies have begun to pay more attention to the information they have and have finally realized that data loss can bring irremediable damage to the business. But the question still lingers: how can your company use the data in your favor? That’s what we’re going to talk about in today’s article!
