Data protection is an extremely important issue these days. The main objective of the General Data Protection Law (LGPD) is to protect the fundamental rights of freedom and privacy, as well as the free development of the personality of natural persons.
The LGPD defines what personal data is and explains that some of it is subject to even more specific precautions, such as sensitive personal data and personal data on children and adolescents. The law establishes that all data processed, in both physical and digital media, is subject to regulation.
In addition, the LGPD establishes that it doesn’t matter whether an organization’s headquarters or data center are located in Brazil or abroad: if there is processing of information about people, Brazilian or not, who are in the national territory, the LGPD must be observed.
The General Data Protection Law (LGPD) came into force in Brazil in September 2020 and aims to guarantee the protection of Brazilian citizens’ personal data.
The LGPD establishes clear rules on the collection, storage, processing and sharing of personal information, as well as the rights of data subjects.
The importance of the LGPD is related to protecting the privacy and security of everyone’s personal data. With the growing amount of data collected by companies, it is essential that citizens have control over their personal data and that this data is only used for legitimate purposes.
The LGPD provides citizens with various guarantees, such as being able to request that their personal data be deleted; revoke consent; transfer data to another service provider, among other actions. The consent of the data subject is considered an essential element for processing, a rule that is excepted in the cases provided for by law.
Brazil has the National Authority for the Protection of Personal Data (ANPD) to monitor and apply penalties for non-compliance with the LGPD. The institution will have the task of regulating and providing preventive guidance on how to apply the law.
However, the ANPD (Law No. 13,853/2019) is not enough, which is why the General Personal Data Protection Law also provides for the existence of data processing agents and stipulates their roles in organizations, such as: the controller, who makes the decisions about processing; the operator, who carries out the processing on behalf of the controller; and the person in charge, who interacts with the holders of the personal data and the national authority.
Security breaches can lead to fines of up to 2% of the organization’s annual turnover in Brazil – limited to R$50 million per infraction. In order to avoid such fines and guarantee the security of users’ personal data, companies must draw up governance rules; adopt preventive security measures; replicate good practices and certifications on the market; draw up contingency plans; carry out audits; resolve incidents swiftly, notifying the ANPD and the individuals affected immediately of violations.
Does your business need data protection? We have what you need! Contact us today and find out how we can help you.
