The General Data Protection Law (LGPDThe law was enacted in 2018 and, after several postponements, will come into effect in May 2021, changing the way companies and condominiums handle personal data of clients, suppliers, and other involved parties.
With the increasing amount of information generated by the internet, as well as the growing number of data points available online, the need for greater care with this content has become apparent.
Much of this stems from concerns about confidential information and personal data that could be used in criminal activities, scams, and other malicious initiatives.
Therefore, the LGPD will bring about a change in strategies not only for e-commerces...but of all establishments that handle data, as is the case with condominiums.
In today's article, learn more about the impact of the regulation on condominiums and the legal basis for data collection. Keep reading!
What is the LGPD, Brazil’s General Data Protection Act?
The General Data Protection Law (Law No. 13.709, of August 14, 2018) is inspired by General Data Protection Regulation (GDPR), approved in the European Union, which establishes all the basic regulations regarding the protection of personal information.
This regulation gives special emphasis to so-called "sensitive data," which relates to ethnicity, religion, sexual preferences, information about health conditions, and political orientation, establishing parameters for how this content should be handled by companies.
In other words, the LGPD addresses how businesses should collect, store, use, and share personal data that can identify an individual, including basic information such as:
- Name;
- CPF and RG numbers;
- Consumption options;
- Preferences;
- Among others.
The intention of the law is to offer security to users, in light of the principles of the Rights to Privacy and Personality.
Given this, many companies will have to adapt to the new rules, including those related to services such as... IT outsourcing (information technology) to improve its digital platforms with regard to data storage.
According to a survey by Serasa Experian, conducted in 2019, 85% of Brazilian companies have not yet adapted to the LGPD (Brazilian General Data Protection Law). For this reason, it is necessary to make the changes as soon as possible, taking into account the month in which the law will come into effect.
How does the LGPD affect condominiums?
The LGPD (Brazilian General Data Protection Law) will impact companies in different sectors, including businesses of condominium managementRemote access control and outsourced services in general must provide secure systems for the protection of their clients' personal data.
This means that the LGPD (Brazilian General Data Protection Law) will require condominiums to have a system capable of protecting the personal data of residents and visitors. Therefore, the simple collection or storage of information must already follow the safeguards stipulated by law.
Given this scenario, not only condominium management, but all businesses involved, such as a outsourcing company for security guard servicesCompanies that may require data from residents must comply with the General Data Protection Law.
In the event of non-compliance with the rules imposed by the LGPD (Brazilian General Data Protection Law), such as the disclosure of personal data, the law provides for a warning and even a fine equivalent to up to 2% (two percent) of the condominium's monthly revenue, which may reach up to 50 million reais.
What are the legal bases for data collection?
The LGPD specifies 10 legal bases for the collection, storage, and sharing of data.
In other words, to justify requesting information from residents and visitors, as well as employees and staff, the condominium must rely on these parameters. These are:
1 - Consent
As the name suggests, data collection and information handling can only occur after user authorization.
Therefore, if the intention is to share resident data with a building maintenance companyAll condominium residents must allow the exchange of information.
2 – Contract execution
In this case, data processing is permitted, provided it is for the fulfillment of a specific condominium contract.
3 – Legitimate interest
This assumption is based on European law, which views legitimate interest as a way to maintain contact with the user in order to present some new product or service that is advantageous.
Therefore, it is possible to retain personal data when maintaining a relationship with the user.
4 – Administration/Public Policies
According to the LGPD (Brazilian General Data Protection Law), public bodies may process user information, provided it is for the execution of public policies or administrative work.
5 – Regular exercise of a right
The LGPD (Brazilian General Data Protection Law) allows for the storage of data for the regular exercise of rights, that is, when there is an interest in legal defense.
For example, a company property security It can retain certain information to investigate criminal acts and have materials to defend itself.
6 – Research bodies
The regulation allows the processing of personal data for research purposes, but users must remain anonymous.
7 – Protection of life
If the sharing of data constitutes an act to protect life, this information may be processed in accordance with the LGPD (Brazilian General Data Protection Law).
8 – Health guardianship
Similar to the protection of life, the protection of health refers to the processing of personal data and the disclosure of information for the maintenance of users' health.
9 – Fulfillment of a legal obligation
The LGPD (Brazilian General Data Protection Law) allows the handling of data for the fulfillment of legal actions, such as sending information to the tax authorities for direct withholding at source.
10 – Credit protection
Companies and credit bureaus that work with personal data can continue handling the information to provide their services. However, they must guarantee its protection and confidentiality, as recommended by the regulation.
How can condominiums adapt to the LGPD (Brazilian General Data Protection Law)?
All the precepts established by the LGPD (Brazilian General Data Protection Law) must be followed, with the objective of guaranteeing the protection of the private data of residents, visitors, and service providers. To achieve this, rigorous internal controls and technological systems are necessary.
Therefore, the first step To comply with the LGPD (Brazilian General Data Protection Law), it is necessary to have a electronic security system that protects the condominium against invasion by hackers.
It is understood that not only should the personal data of residents and visitors be fully secure, but also the preservation of images captured by internal circuits, cameras, or monitoring equipment that could identify a person.
Furthermore, it is also necessary to check the storage conditions of the products themselves. equipment for condominiums and, if necessary, develop a modification to the internal processes of the devices.
The condominium can still adopt new measures, such as:
- Developing a privacy protection plan;
- Investment in resources for data protection;
- Promoting training for collaborators and employees;
- Hiring reliable data security companies;
- Establishing a transparent security policy.
In other words, it's important for residents to know why their data is being collected and how it will be used – for example, for registration in a... biometric electronic lock.
It is also necessary to take special care with information collected physically, that is, non-digitally. Therefore, if there is any file with confidential data, the condominium must store and lock the document, allowing access only to authorized personnel.
In fact, the ideal process is to digitize the file and limit viewing through security systems with login, password, and two-factor authentication.
Regarding data from contracted companies, it is necessary to carry out the data processing This is only for the fulfillment of contractual obligations, as previously stated. Otherwise, there is a risk of penalties and civil/criminal liability.
In practical terms, condominiums can continue to request visitor information upon entry, such as requests for identification documents, name, and license plate number.
However, this information should only be used for its intended purpose: which is to allow secure entry into condominiums. Providing this data to third parties may also result in penalties.
For this reason, it is important that condominium administrators take due care in complying with the LGPD (Brazilian General Data Protection Law).
Conclusion
The General Data Protection Law is a recent regulation that addresses the correct ways of collecting, storing, and processing personal data that is typically requested by companies.
The goal of the standard is to increase user security against malicious attacks, primarily those carried out by... hackers.
In the case of condominiums, the regulation also applies, since they also handle data from residents, visitors, and suppliers.
Therefore, it is important that condominiums comply with the correct security guidelines and the LGPD (Brazilian General Data Protection Law) regulations to ensure the best security for users.
This text was originally developed by the blog team Investment Guide, where you can find hundreds of informative content about various segments.
