After several twists and turns between the Senate and the Chamber of Deputies regarding the new General Data Protection Law (LGPD), last week a decision was made. final verdictNow that the law is in effect, the only certainty companies have is the need to comply.
The purpose of the LGPD.
The LGPD (Brazilian General Data Protection Law) was created with the objective of regulating data processing. The protection and processing of personal data are extremely relevant topics for a society with virtual interactions between public authorities, companies, and individuals.
The law guarantees that the collection, storage, and processing of personal data can only be carried out with the authorization of the so-called "data subject," that is, the person to whom this data refers. This includes names, addresses, phone numbers, emails, physical characteristics, location, habits, preferences, among others.
This authorization from the data subject must be obtained in a clear and direct manner. Information regarding the purpose for which the data will be used is also mandatory, and new authorization is required if the data is used for a different purpose. The data subject also has the right to revoke their permission at any time.
Privacy Tools can help you achieve compliance in order to respond to requests from the holdersWith a service platform specialized in the rights of data subjects, so that when a data subject wishes to access their private information, such as requesting data removal or asking for clarification about its use, for example, it must be requested through a specialized channel with appropriate service for this type of interaction.
Inspection.
The National Data Protection Authority, also known as ANPD, is a body of the Brazilian federal public administration that is part of the Presidency of the Republic. It has responsibilities related to the protection of personal data and privacy and, above all, will be responsible for overseeing compliance with the LGPD (Brazilian General Data Protection Law).
The ANPD will be responsible for, among other actions, monitoring and applying administrative sanctions, including warnings, fines, publicizing the infraction, blocking or deleting personal data.
You can read more about the ANPD in our previously published article. here on the blog.
And the sanctions?
Starting in August 2021, the penalties stipulated in the LGPD (Brazilian General Data Protection Law) can be applied by the ANPD (National Data Protection Authority). These are:
- Warning administrative;
- Daily or total fine up to 2% of total revenue, limited to R$ 50 million. for infraction;
- Publicizing of the information;
- Blocking and deleting data personal persons to whom the infraction refers;
- Obligation of repair damage potential damages that may result from improper data handling;
- Partial suspension of the functioning from the database The infraction refers to a maximum period of six months, which may be extended for an equal period, until the controller regularizes the treatment activity;
- Suspension of data processing activities. personal injuries related to the infraction will be suspended for a maximum period of six months, which may be extended for an equal period;
- Partial or total prohibition from the exercise of activities related to data processing.
In your pocket and in your picture.
Since its implementation in the European Union, the GDPR has influenced several countries to develop their own data protection laws. This led to the creation of the LGPD in Brazil. We have provided two examples of companies that have experienced a significant impact on their budgets due to non-compliance with the law.
British Airways has had to pay one of the largest GDPR fines. The body responsible for overseeing the law requested a payment of £183 million. The reason for the fine dates back to the end of 2018, when the company, due to a security breach, ended up leaking data such as the full names, addresses, details of tickets and trips taken and scheduled, login credentials, and credit card information of approximately 500 of its customers.
Facebook saw not only its finances affected, but also its image. In 2018, the company received a ruling that it would have to pay a fine of US$5,5 billion to end a US government investigation into its privacy practices. The announcement came through the US Federal Trade Commission. Two days after the announcement, Facebook's value decreased by US$35 billion on the US technology stock exchange.
Starting the adaptation process.
Starting from the premise that if you can't see your data, you can't protect it, the data mapping It's fundamental. Through it, you ensure a greater understanding of how data moves through your organization. Companies need to understand what data they are collecting, how they are using it, and with whom they are sharing it to improve data protection, and this is an important initial step in the compliance journey.
Your website also needs to comply. It should include a banner where users can choose whether or not to consent to data collection through cookies. Cookie Management It provides visitors to your website with control and management over the use of cookies.
It is the responsibility of the organization collecting the data to prove that the user's consent was given in accordance with regulations. In other words, your company will have this responsibility. At Privacy Tools, we provide a module for this. Consent Management, to support companies in this regard. Allowing the identification of which users have consented or revoked consent, providing an audit of these events.
Privacy Tools in compliance.
Privacy Tools has developed a data management platform that offers various tools and modules, designed for use in different market segments and to comply with the obligations of the LGPD (Brazilian General Data Protection Law). This applies to both privacy management and user experience privacy.
You can learn more about how to comply with the LGPD at [link to LGPD information]. our blogAnd to see our platform in action, do the... free trial!
