The General Data Protection Law (LGPD) was created in August 2018. Since then, companies of all sizes have been adapting their processes in order to avoid problems and losses in the future. The penalties will be implemented from August 2020, and may result in fines of up to R$50 million per violation!
What is LGPD?
Law 13,709/2018, or the General Data Protection Law, was inspired by the General Data Protection Regulation, a European regulation that came into force in May 2018.
The LGPD guarantees the data subject full rights over when, how, for what purpose and to what extent other institutions may use their information.
The main concern of the LGPD is to ensure the protection of people's privacy.
Sensitive personal data
To know where the LGPD applies or not, we need to understand what data it refers to.
Well, the LGPD protects both normal and sensitive personal data. They are:
Normal personal data: refers to an identified or identifiable natural person, including identification numbers, location data or electronic identifiers, when these are related to a specific person.
Sensitive personal data: information about racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, health or sexual life, genetic and biometric data.
Big Data
An important concept in this story is Big Data. We live in a globalized environment that generates a large volume of data at all times. Think about your company's operations. A simple invoice, for example, contains a series of information about the parties involved.
Of course, much of the information captured by your company is essential for day-to-day operations, but of all the data available, which ones are really relevant to your business?
The LGPD proposes the collection of data in the exact measure for its purpose.
Let's say you own a liquor store. Knowing the age of your customers is important, but is knowing their political views relevant?
Data collection and storage
Transforming Big Data into Small Data brings greater care to the handling of information at every stage, from collection to storage and processing.
In order to protect the privacy of data subjects, your company must adapt processes to minimize the chances, threats and risks of information leaks.
According to the LGPD, it is the responsibility of the “collector” to guarantee the security of the data obtained, adopting physical, technical and organizational measures, such as:
Information systems with strict control, such as encryption;
Eliminating the use of physical processes for collecting, storing and disposing of information.
Consent
The Law will apply not only to consumer relations, but also to legal relations in general and to labor relations.
Consent is a key point in this matter. In all processes involving the collection and processing of normal or sensitive personal data, the holder of such information must consent to its use.
Without this consent, your company will be in breach of the Law and will suffer the appropriate penalties.
Under the terms of article 5, item XII, of the LGPD, consent consists of the free, informed and unequivocal manifestation by which the holder agrees to the processing of his/her personal data for a specific purpose.
This manifestation requires, on the part of the data subject, a statement or an unequivocal positive act, in written, oral (recorded) or electronic form.
The mere use of a service, as well as silence or inactivity on the part of the data subject, is not characterized as a manifestation of consent.
One suggestion is to ask the data subject to send an email to the data controller, informing them in detail what they agree to.
It is worth remembering that the holder may, at any time, change or revoke consent.
Keep an eye on the LGPD. The fine could reach R$50 million!