Por que se adequar à Lei Geral de Proteção de Dados?

Approved and sanctioned in 2018, the Chamber Bill (PLC) 53/2018, inspired by European regulation and guaranteeing citizens greater control over their personal information, will only come into effect in February 2020. However, companies need to understand the new regulation in time to adapt to the necessary changes going forward. The bill defines rules for the protection of personal data by internet companies, allowing users to have tools to question the misuse of their information. The new law regulates how information is collected and processed, especially in digital media, such as personal registration data, phone numbers, addresses, marital status, financial information, and even texts and photos published on social networks. By having a specific data protection and privacy legislation for its citizens, Brazil joins a select group of countries and international organizations that provide an adequate level of personal data protection. This means Brazilian companies have a lot to lose if they do not adapt. Fact! It is a project of interest to all Brazilians, but due to its magnitude, it leaves several questions in the air: what will the law protect? What are its objectives? Why is it so important? What are its impacts on companies?

What is the General Data Protection Law

The General Data Protection Law (LAW No. 13,709 or LGPD) regulates the processing of personal data of individuals and determines how citizen data can be collected and processed, providing for penalties for transgressions. It applies regardless of the medium and/or form of data processing, meaning it imposes processing rules both within and outside the internet (whether or not using digital means). We clarify here that the law applies to personal data processing operations collected and processed within Brazilian territory, as well as to operations that occur outside the country.

Main objectives

•  Protect the fundamental rights to freedom and privacy and the free development of the citizen's personality through transparent and secure practices;
•  Establish clear rules for the processing of personal data, while fostering economic and technological development;
•  Standardization through unique and harmonious rules for the processing of personal data by all agents involved in data processing and collection;
• Strengthen the security of legal relationships and the trust of the data subject in the processing of personal data, ensuring free enterprise, free competition, and the defense of commercial and consumer relations; All of this is achieved through a series of rules that companies and other organizations operating in Brazil must follow to allow citizens to have more control over the processing of their personal information.

Why is it so important?

Companies will need to invest in technological tools and specialized services, in addition to needing to review contracts with service providers, suppliers, employees, etc. All of this to properly adapt to the principles of this new law. The positive side of all this is that there will no longer be the so-called 'lawless land' that data processing was in Brazil, precisely for those companies that liked to do whatever they wanted with third-party data. Since Brazilian legislation is currently very vague on issues related to personal data and privacy, the law arrives at the right time to also contemplate the current technological scenario. Being obviously a necessary and entirely relevant step.

Impact on companies' privacy policies

The new law emerges as a game-changer and requires a new stance from organizations in the face of the extraordinary volume of information that is now obtained and exposed daily without proper control. In fact, the lack of regulation for the processing of information is seen as an obstacle for businesses and consumers. With this new scenario, public and private companies must inform the purpose of collection before requesting personal information such as name, phone number, address, marital status, religion, ethnicity, and education level. If there is no user consent, the registration cannot be carried out and the company cannot obtain the information by other means. The processing agents (the controller and the operator - individuals competent to make decisions and process data) must protect personal data against unauthorized access and accidental or unlawful situations. It is the agents' responsibility to notify the national authority and the data subject of any incident involving relevant damage. Regarding violations of the LGPD rules, the administrative sanctions applicable by the national authority range from a warning to a fine, simple or daily, which can reach 2% of the revenue of the private legal entity, group, or conglomerate in Brazil in its last fiscal year, excluding taxes, limited, in total, to R$ 50 million per violation. Brazilian companies will need to adjust aspects such as cultures, policies, and procedures involving the implementation of technologies to ensure user and business security and transform customer data into a powerful asset of trust and credibility. Much of this data is scattered throughout the company across different departments, systems, and different spreadsheets. It will be essential for organizations to invest in data governance solutions to keep the personal information they collect and store up to date and accessible. This centralization will make all the difference when the company must delete, correct, or disclose this personal data. By following the rules of the new law, companies will not only comply with what is established but also commit to ensuring greater transparency for their customers and partners, as leaks tend to be mitigated and oversight over companies becomes stricter. The approval of the GDPR directly affects data privacy and security standards and encourages organizations to improve their cybersecurity measures, also being required to limit the risks of any possible data breach. This is because the law requires companies to identify their security strategies and adopt appropriate measures and techniques to protect citizens' personal data. Want to protect your company and stay updated to comply with LGPD regulations? Get to know the technology services from Zamak !