LGPD: What does the new Brazilian data protection law say?
People must have control over their personal data and must understand the legal framework of digital businesses. This is because, unfortunately, users’ personal data are often illegally captured, which can compromise their privacy. This whole scenario led to the creation of the General Data Protection Regulation (GDPR) for the European Union, which came into force in May 2018, and now Brazil is preparing to adjust to the new law, very similar to the one that already exists in the Europe. After more than eight years of debates in civil society, Law 13.709 / 2018, the Brazilian Data Protection Law, arrives. The legislation (LGPD) was enacted on August 14, 2018 and is expected to come into effect, definitely, this year. In today’s article, we will know the main points of this legislation.
Concepts of the new law
The holder of the data is the person that the law aims to protect and is the carrier of “personal data that are subject to treatment”, so that legal entities of a collective nature are excluded from the scope of the new law: this law is exclusively to protect people.
The concept of data processing is very important in this legislation and is defined as “any operation carried out with personal data, such as collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, archiving, storage, disposal, evaluation or control of information, modification, communication, transfer, diffusion or extraction”. This context is very broad and applies to all data processing operations carried out by an individual or collective person, both in the public sector and in the private sector. In order for the law to apply, this data processing must be carried out in Brazilian territory. In the case of foreign citizens, personal data are subject to the new law when they are collected in Brazil and when their treatment is intended to provide goods or services in Brazil.
What will change in practice?
Obligation to delete data when required by the user
Citizens will be able to require companies to delete their personal data, whenever requested by users. The new regulation allows the personal data of each citizen to be destroyed at his request.
Data portability
Citizens may require companies to send their personal data in a format that allows them to be sent to another company, facilitating their migration and making it simpler to change service provision. Whenever a citizen changes banks or a television service provider, he or she will not have to provide his/her personal data again, as they can be easily migrated from one company to another.
Need for express user authorization
Citizens will have full information about how companies treat their data, how they store it, how long they store it and with whom they share their information. The new law applies to all activities involving the use of personal data, including treatment over the internet.
Obligation to notify in case of violation of personal data
Businesses and organizations have a duty to notify the competent authority in situations which put individuals at risk and to communicate to the citizen concerned all high-risk violations as quickly as possible so that appropriate action can be taken. In case of data leaks, the company must inform the competent authority (National Data Protection Authority, an indirect public administration body linked to the Ministry of Justice), which will be responsible for monitoring, implementing and enforcing the law , within a “reasonable period”.
What happens in case of default?
In case of data leakage or any other violation of the law, fines may reach 2% of the billing, with a limit of R $50 million, and may also imply the suspension of the company’s activities.
4 measures for your company to conform to the GDPR
Although little is said about GDPR today, the law exists and it is mandatory to comply with it. There are many companies that have not yet prepared themselves to protect their data in accordance with the new legislation. The fines are quite high and it is unconscious not to be concerned with the information of your business, as the exposure of sensitive data can seriously compromise the organization’s survival. Therefore, we have prepared this article where we present you 4 measures for your company to adapt to the GDPR!
GDPR: What has changed throughout its implementation?
Much has been said about the GDPR in 2018. The new regulation came into force in May last year and thousands of news related to the law came out. A year and a half after its arrival, few people talk about this legislation that promised to drastically change the way companies relate to their customers and business partners. We are currently experiencing a “non-reaction” phase to the GDPR, which could compromise data security and could result in huge fines for non-compliant. We will understand in this article what is the state of play regarding the General Data Protection Regulation!
Trends in IT Management for 2019
2019 has already arrived and with it has brought new trends in IT management. After a year in which information security was the theme of the day due to the arrival of the new general data protection regulation in the European Union, it is expected that this issue will continue to be of great importance to business. In today’s article, we will talk about the key IT management trends for 2019!
What changed in the companies in 2018 with GDPR?
Undoubtedly, the GDPR was the major security issue in 2018. The new legislation brought new ways of dealing with data and brought many questions to businesses. The new law has been applied to ensure greater privacy of personal data of citizens of the European Union, especially online. But after 8 months, what has really changed in companies with the arrival of GDPR?
Overview of 2018: everything that has changed throughout the year in the security industry
The end of the year is approaching and it is time to make a review about everything that happened this year. The business security industry has brought a lot of buzz this year and it’s important to look at what has changed over the last few months so we can be prepared to receive 2019! In today’s article, we cover everything that has changed throughout the year in the security industry.
Read More
How to treat sensitive personal data?
Companies are now more aware of the need to protect the personal data of customers and vendors with whom they work. In addition to the increased risk of computer attacks today, new data protection laws have added to this need to protect sensitive data. The GDPR has been in force since May in the European Union and Brazil is preparing to receive a new data protection law very similar to European legislation (Brazilian law is known as LGPD). Increasingly, companies need to treat their personal data correctly, failing to see their information exposed and, above all, to escape the large fines that the regulation applies to violators. In today’s article, we leave you important tips for dealing with sensitive personal data!
DPO: get to know the new profession created by the GDPR
The General Regulation on Data Protection entered into force with mandatory character in the European Union on May 25 and there are still some doubts regarding its scope of action. One of the most debated issues has been related to the DPO – Data Protection Officer – a figure that comes with the creation of this new legislation. In today’s article, we will address all issues related to the DPO, the new profession created by the GDPR!
Key Opportunities Created by Big Data
Big Data is a term that is already part of everyday business. Big Data defines the immeasurable volume of data (structured or not) that impact business in your day-to-day life. Much more important than the amount of data that is generated daily is what companies can effectively do with this data in order to increase the quality of their performance. According to IBM, there are now three times more devices connected to the Internet than people in the World. This data is more than enough proof of the amount of information that is generated every minute, which is a challenge for companies. But how can they take advantage of the data generated daily? In this article we will talk about the main opportunities created by the big data.
How is Facebook receiving GDPR?
The social network Facebook has been the subject of numerous criticisms due to the case of Cambridge Analytics and the unauthorized access to data of more than 50 million profiles that were used to create a software that supposedly influences the results of referendums and elections . At a time when information privacy is one of the most talked about subjects, let’s see how Facebook is preparing to receive the new General Regulation on Data Protection (GDPR)!
