The year 2020 is approaching, and with it the moment when the General Data Protection Law (LGPD) will come into force. Respecting this set of rights and obligations will be essential to avoid legal problems. It is therefore important to clear up any doubts that still surround the subject.
It was with this in mind that we created an article pointing out 5 items you need to know about the LGPD. This information will help you comply with the terms of the legislation without major problems. You may even use some of this information to support your privacy policies.
After all, once you know what data your company collects and how the law requires it to be treated, your terms will be clearer and more specific. To find out who the parties involved in data processing are and what their responsibilities are, read on.
5 things you need to know about the General Data Protection Law
- How it works
The starting point for dealing well with the LGPD is to understand how it will work in practice. When collecting data, your company will need to state the purpose for which the data will be used. The user will also need to give explicit consent for the proposed use.
If the user consents, the organization will be able to handle the information collected within the limits of the law. If the user requests any maintenance or deletion of data, the company will need to comply. Finally, it is essential that only information related to the proposed purpose is collected.
- Who it applies to
All companies, public or private, operating on Brazilian soil must respect the LGPD's precepts. Other types of institutions that handle personal data must also undergo adaptation. The rule is basic: if there is collection and use of user information, the law applies.
Personal data, sensitive data and the difference between the two
- What is considered personal data?
A central point that needs to be understood is what the law defines as personal data. Basically, it is information that can be used to identify the user. Items such as name, address, IP, email, photos, document numbers and face photos, among many others, are therefore included.
The General Data Protection Law extends its scope even to texts and photos that may be published on social media. It is also worth remembering that the LGPD has a special data category, which is covered in the next topic.
- What is sensitive data?
Sensitive data goes beyond the basic identification present in personal data. It can cover items such as religion, sexual orientation, ethnicity, health conditions and even political positions. The LGPD restricts the use of information in this category and requires assurances of its protection.
It is worth knowing the information that is not covered by the LGPD
- Information that is not affected by the LGPD
Despite the comprehensiveness of the LGPD, there is still data that is not affected by it. Information that has an academic, journalistic or artistic purpose, for example, is subject to another set of rules. The same is true when dealing with government policy, public safety, national defense and the protection of life.
Delving deeper into the LGPD: Good Practices and Challenges in Personal Data Protection
LGPD data protection is a priority for both public and private entities in Brazil. Law No. 13,709/2018, known as the General Data Protection Law (LGPD), establishes a set of rules and principles for the processing of personal data.
Main Aspects of LGPD
In addition to the 5 items mentioned in the article, it is important to know other relevant aspects of the LGPD:
- Processing agents: The LGPD defines the roles of processing agents, including the controller (who makes decisions about the processing) and the processor (who carries out the processing on behalf of the controller).
- Data subjects: The law guarantees rights to data subjects, such as access, correction, deletion and portability of data.
- Consent of the data subject: The consent of the data subject is one of the legal bases for the processing of personal data, and it must be free, informed and unequivocal.
- National Data Protection Authority (ANPD): The national data protection authority is the body responsible for monitoring and regulating the LGPD, ensuring data protection.
- LGPD Principles: Data processing must comply with the principles of the LGPD, such as purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination and accountability.
- Administrative sanctions: Failure to comply with the LGPD may result in administrative sanctions, such as fines, warnings and data blocking.
- Sharing of personal data: Sharing personal data with third parties must follow the rules of the LGPD, requiring consent from the data subject or another legal basis.
- Sensitive personal data: The LGPD establishes stricter rules for the processing of sensitive personal data, such as racial or ethnic origin, religious belief, political opinion, trade union membership or membership of an organization of a religious, philosophical or political nature, data relating to health or sexual life, and genetic or biometric data.
- Information security: Companies must adopt preventive and security measures to protect personal data against data leaks, unauthorized access and other threats.
- Impact reports: In some cases, companies must prepare personal data protection impact management (DIP) reports.
Good Practices for Compliance with LGPD
To ensure compliance with the LGPD, companies can adopt the following good practices:
- Map the data processing carried out by the company.
- Develop a clear and transparent privacy policy and terms of use.
- Implement security measures to protect personal data.
- Train employees on LGPD and good data protection practices.
- Appoint a data protection officer (DPO).
- Keep records of data processing operations.
- Comply with the rights of data subjects.
- Conduct regular audits to verify compliance with the LGPD.
LGPD Challenges
The implementation of the LGPD presents some challenges for companies, such as:
- Adequacy of IT processes and systems.
- Investment in information security.
- Change in organizational culture.
- Interpretation of legislation.
The LGPD is an important piece of legislation for protecting the privacy and personal data of Brazilian citizens. Companies that comply with the law will be better prepared to face the challenges of the digital age.
For more information about the LGPD, please consult the website of your national data protection authority and other reliable resources. If you need more information or have any questions, please contact us.