Newsletter
Latest articles
adapt to the LGPD

Be careful: complying with the LGPD does not mean absolute protection

by Kelvin Zimmer
September 1, 2021
6 minutes of reading

All care is little when it comes to your reputation and your finances. Although this alert and guidance serves for many situations, it is accurate when we try to fit the LGPD .

Eventually, verbs adapt and protect do not always go together when it comes to the General Law on Personal Data Protection ( LGPD ).

Once it establishes legal standardization, all Brazilian companies and organizations must adjust and follow LGPD and ensure control and transparency in the use of personal data of citizens.

However, after almost one year of validity, doubts still remain about how, effectively, to ensure compliance with the adequacy to the LGPD .

Consequently, also on the protection of companies and organizations against punishments (fines and other administrative sanctions) arising from infractions or non -compliance with the LGPD.

What is LGPD

The General Law on Personal Data Protection (LGPD) is legislation that aims to protect the freedom and privacy of consumers and citizens.

Although it was published on August 14, 2018 (Federal Ordinary Law No. 13,709), effective on December 28 of the same year, the full term of the LGPD occurred only from August 1, 2021.

In practice, LGPD demands changes in the way of collecting, storing and using people's data. As a result, it significantly impacts administrative, legal, communication and marketing areas and, especially,  information security technology .

Eventually, by not complying with LGPD, companies and organizations (including public and government) may be fined or receive administrative sanctions .

As stipulated in LGPD, punishments may vary from a simple fine of up to 2% of the company's revenues in its last year (limited to R $ 50 million, per infraction), until daily fine application (observing the total limit of the simple fine).

For sure, this last paragraph explains well the idea of ​​the first sentence of this article. After all, besides being able to lead to serious financial difficulties , it can compromise and destroy a good reputation .

Do not adapt to LGPD may cost dearly

Almost three years after creating, on August 1, 2021, the National Data Protection Authority (ANPD) is allowed to apply the penalties provided for in the LGPD.

According to the G1 portal article ( Failure to comply with the General Data Protection Law can generate punishments from this Sunday , by Alessandro Feitosa Jr.), the ANPD must start the process of supervision in an educational way .

According to a resolution of the National Data Protection Authority, the guidance is to start mildly and scalable. That is, warn to educate. Of course, according to the severity of the case.

However, non -compliance with LGPD standards can be penalized with :

  • warning,
  • advertising of the infraction, which acts as a way to alert the society that a particular company disrespected the rules,
  • simple fine, up to 2% of the company's revenues and that can reach, at most, R $ 50 million per infraction,
  • daily fine,
  • blocking personal data regarding infraction,
  • elimination of personal data regarding infraction,
  • suspension of the exercise of the activity of processing personal data related to the infraction for a maximum period of 6 months, which can be extended for another 6 months,
  • Partial or total prohibition on the exercise of activities related to data processing.

Watch the video above and have a good overview on the subject and see how important it is to adapt to LGPD.

In this video, the Doctor and Master in Law from the State University of Rio de Janeiro (UERJ), Igor Pereira discusses the General Data Protection Law (LGPD) in practice .

According to him, LGPD is a digital landmark that regulates as companies and organizations collect, use and now should protect personal data and information.

Mostly, Dr. Igor Pereira points out that, to adapt to LGPD, among the changes imposed by the new law, companies and organizations must pay attention to three aspects:

  • The user's right to request that their data be deleted;
  • explicit consent to use their data for marketing purposes must be previously obtained by companies ;
  • There will be fines imposed on companies that fail to comply with LGPD.

Adapt to LGPD: a big compliance challenge

LGPD says a lot about respect for the maturity of companies. In fact, it separates companies that have an effective compliance policy of those who do not have or do not know what it is about.

Compliance is an English term derived from the verb ( TO COMPLY ) which means being in agreement with rules, resolutions, laws, and/or a set of established and agreed rules.

Much more than just “being”, Compliance has to do with acting in accordance with the General Personal Data Protection Law (LGPD).

Above all, what matters and what protects is the practice . Above all, doing what should really be done is the best way to truly adapt to LGPD and what exponentially increases the level of safety and protection.

In this sense, from the point of view of corporate governance, companies that really fit and comply with the agreed and the legislation, for example, are well-written and have a better reputation.

Certainly, an achievement and unequivocal demonstrative of strategic intelligence , which paves the path towards competitive differentials and excellence in management.

After all, the level of maturity, culture and internal policies are reflexes of the quality of management .

LGPD: adequacy versus protection!?!

The General Personal Data Protection Law has a focus and approach specially focused on protecting personal data . people -related information processing processes .

Therefore, two considerations are obvious. Since, from them, it is clearly understand the difference between adequacy and protection from LGPD .

First, in accordance with the very name of the General Law on Personal Data Protection. That is, who focuses it on the individual, in the human person. So they are excluded from the “protection” of LGPD companies and other private entities.

Secondly, that the effectiveness in protecting personal data is performed only through information security . Both digital and analog means, in the case of physical files, for example.

relevance of information security technologies for effective protection of personal data and information that companies and organizations need to make available to their customers and users are undeniable

How to adapt to LGPD

Probably adapting to LGPD will require some investment . To a greater or lesser extent, companies and organizations should be able to standardize the data collection of their customers and users and, especially, increase the effectiveness of information security technologies.

According to an article published in Lumun Blog earlier this year, by Aléx Oliveira, to adapt to LGPD, it is necessary to comply with the new legislation .

See below the 15 tips to fit the LGPD and comply with the new legislation .

  1. Define a process of obtaining consent for personal data processing.
  2. Implement a management solution of the rights of data holders
  3. Elaborate a policy of retention and data disposal.
  4. Elaborate and maintain a record of personal data processing
  5. Implement a solution for Impact Analysis on Data Protection (DPIA) .
  6. Data Protection Officer (DPO) governance model .
  7. Hire an external advisor .
  8. Educate employees through a privacy training program .
  9. Install solutions for identity and access management .
  10. Structure, define and formalize an incident management process .
  11. Review old contracts and update them with protective clauses.
  12. Include protective clauses in new contracts.
  13. Elaborate and maintain internal and external privacy policies .
  14. Implement a solution to increase internet and information security.
  15. Define a process of LGPD regulatory changes

Click here and read the full article.

Adapting to LGPD should mean effective protection

The search for the effectiveness of the protection that adapt to LGPD should provide, for sure, requires quality and reliability in internet and information security solutions and technologies .

In fact, the tendency is that technologies in which companies and organizations should invest to ensure the effectiveness of protecting themselves to LGPD go through solutions such as VPN firewall devices .

Finally, it is worth remembering that to adapt to LGPD, it is essential that managers seek knowledge and to implement good information management practices and invest in effective Internet security solutions in their companies and organizations.

Lumiun DNS Free Trial
Author
Kelvin Zimmer
Cybersecurity columnist, productivity specialist and Marketing Analyst at Lumiun.
Related Posts