
LGPD

The LGPD is already in force and 4SR supports its application with its Specialized Consultancy

The change in the law should be seen not as a loss of rights, but rather as a positive opportunity to evolve the tactics used today, one that can increase the trust, engagement and loyalty of the consumer, citizen or customer.

Many believe that the Marketing practiced today is invasive. 57% of consumers say they prefer to receive personalized Marketing. (Source: DMA)

When asked what they would do if a company had an incident with their data, 47% of respondents said they would choose the competitor and 79% would suggest a boycott to friends and family. (Source: Veritas)

Gain insight into your data outside your company environment and meet the LGPD

With the arrival of the LGPD (General Data Protection Law, No. 13,709/2018), having an active program to monitor exposed or leaked data is a demonstration of diligence before the regulatory bodies (Public Ministry and National Data Protection Agency).

Discover data leaks before someone else does

68% of data leaks are unintentional.

They are generated by employees or third parties and could be identified and removed before being found by a third party.

About LGPD

The LGPD is Law No. 13,709, approved in August 2018 and effective from August 2020. To understand the importance of the matter, it is necessary to know that the new law aims to create a scenario of legal certainty, with the standardization of rules and practices, to promote the protection, on an equal basis, within the country and around the world, of the personal data of every citizen who is in Brazil. And, so that there is no confusion, the law states at the outset what personal data is, defines that some of these data are subject to even more specific care, such as sensitive data and data about children and adolescents, and establishes that data processed in both physical and digital media are subject to regulation.

The LGPD further establishes that it does not matter whether the headquarters of an organization or its data center are located in Brazil or abroad: if there is processing of content from people, Brazilian or not, who are in the national territory, the LGPD must be complied with. It also determines that data may be shared with international organizations and with other countries, as long as this occurs through secure protocols and/or to comply with legal requirements.

Consent

Another essential element of the LGPD is consent. In other words, the citizen's consent is the basis for personal data to be processed. But there are some exceptions to this. It is possible to process data without consent if this is indispensable for: fulfilling a legal obligation; executing public policy provided for by law; conducting studies via a research body; executing contracts; defending rights in proceedings; preserving a person's life and physical integrity; safeguarding actions taken by professionals in the health or sanitary areas; preventing fraud against the data subject; protecting credit; or attending to a legitimate interest that does not harm the fundamental rights of the citizen.

Automation with authorization

Speaking of rights, it is essential to know that the law provides several guarantees to the citizen, who can request that data be deleted, revoke consent, or transfer data to another service provider, among other actions. The processing of the data must also take into account certain requirements, such as purpose and necessity, which must be agreed in advance and communicated to the citizen. For example, if the purpose of processing that is done exclusively in an automated way is to build a profile (personal, professional, consumer, credit), the individual must be informed that they can intervene by asking for a review of this procedure done by machines.

ANPD and processing agents

The country will have the National Personal Data Protection Authority, the ANPD. The institution will inspect and, if the LGPD is not complied with, penalize. In addition, the ANPD will, of course, have the tasks of regulating and guiding, preventively, on how to apply the law. Citizens and organizations will be able to collaborate with the authority.

The General Law on the Protection of Personal Data also defines the data processing agents and their functions within organizations: there is the controller, who makes the decisions about the processing; the operator, who performs the processing on behalf of the controller; and the person in charge, who interacts with citizens and the national authority (and may or may not be required, depending on the type or size of the organization and the volume of data processed).

Management in focus

The law also puts risk and failure management in focus. This means that whoever manages the personal database will have to write governance rules, adopt preventive safety measures, and replicate good practices and certifications existing in the market. They will also have to prepare contingency plans, carry out audits, and resolve incidents with agility. If, for example, a data leak occurs, the ANPD and the affected individuals should be notified immediately. It is worth remembering that all processing agents are subject to the law. This means that organizations and the subcontractors that handle data are jointly accountable for the damage caused. Security breaches can generate fines of up to 2% of the organization's annual revenue in Brazil, limited to R$ 50 million per infraction. The national authority will set penalty levels depending on the severity of the failure. And it will, of course, send alerts and guidance before applying sanctions to organizations.
