Technology entrepreneurs are already familiar with issues related to users' privacy.
This is because the use of data from users and clients on the Internet generates heated debates in the technological universe.
For many, the limits are not yet well defined.
With the introduction of the General Personal Data Protection Law (LGPD), the scenario changes.
There is no more room for uncertainty.
Companies that hold customer and user databases need to understand what the law covers so that they do not end up acting illegally!
If you are an entrepreneur who works in the technology business, or you are not sure what the law deals with, read on.
Privacy in Europeans' sights
Recently, the misuse of personal data in various leaks, including some that influenced the 2016 US elections, motivated the European Union Parliament to develop specific legislation on the subject.
Thus, in 2018, came the GDPR, the General Data Protection Regulation.
The regulation governs how the data of residents of the European Union must be processed, and it affects companies worldwide, since the internet allows European citizens to reach foreign sites and vice versa.
In short, European law protects citizens from the misuse and commercialization of their personal information.
It is important to emphasize that the Brazilian LGPD was strongly influenced by the regulation put into force in the Old World.
But, after all, what does the general law of personal data protection say?
The General Data Protection Law
Law 13.709/2018, better known as the General Data Protection Law, was created in the global context of the discussion about privacy and aims to protect customers, users and consumers from misuse of their personal data by companies.
Although approved in 2018, the law allowed two years for adjustments.
The date on which the General Data Protection Law (LGPD) takes effect was postponed to January 1, 2021 due to the pandemic.
First of all, it is important to underline that the Brazilian law governs any and all sensitive client information, whether stored in a physical or a digital environment.
Thus, all companies must adapt to the legislation, including those that are not in the field of information technology!
The LGPD's main foundations are:
- Respect for privacy
- Informational self-determination
- Inviolability of intimacy […]
- Free enterprise, free competition and consumer protection and
- Human rights, the free development of personality, dignity and the exercise of citizenship by natural persons.
As is clear from reading them, the main focus of the law is to protect citizens.
Precisely because of this focus, companies need to understand the LGPD.
Failure to comply with its rules entails severe punishment, as will be seen below.
With all these factors in mind, who is most affected by the General Law on Personal Data Protection?
The subjects of the general law
The LGPD lists four subjects in sensitive data processing operations:
- The holder is the person whose data the law is intended to protect
- The controller is the natural or legal person, under public or private law, who decides what will be done with personal data
- The operator is the natural or legal person, under public or private law, designated by the controller, who actually carries out the processing of personal data
- person is the person indicated by the controller and operator to act as a communication channel between all parties, including the regulatory and supervisory authority.
If your company has a database of customers' personal data, it certainly fits one or more of the cases above and may be held responsible for breaking the law.
Another important point is that individuals are also subject to the rigor of the law if they hold personal information about their customers.
It is hard to imagine, therefore, a company that is not under the scrutiny of the new legislation.
But what is the general law on personal data protection anyway?
Main points of LGPD
The General Law on Personal Data Protection sets out principles that companies need to know:
Purpose
Personal data must be used for the purpose for which it was intended and of which the holder was informed. Any deviation from this use, including commercialization by third parties, is a blatant violation of the LGPD.
Adequacy
In addition to respecting the purpose for which the data is intended, the company must ensure that its use is appropriate to the context, i.e., that the data processing is contextualized and consistent with its initial purpose.
Necessity
The law limits data processing to the minimum necessary to achieve its purposes.
Free access
Holders must be guaranteed free consultation on the form and duration of the processing of their information, as well as on the entirety of their personal data.
Data quality
Personal data should be accurate, clear, relevant and up to date in relation to the purpose for which it was collected.
Transparency
The content of the stored data must be transparent, i.e., the holder must have easy access to their information.
Security
The company must protect personal data from unauthorized access and from accidental or unlawful destruction, loss, alteration, communication or dissemination.
Prevention
Measures should be adopted to prevent damage resulting from the processing of personal data.
Non-discrimination
Data cannot be used for illicit or abusive discriminatory purposes.
Accountability
The agent must adopt effective measures capable of proving compliance with the rules.
What happens if the company violates the law? Let's see below.
What happens if the company disrespects the law
The law provides for serious sanctions in case of non-compliance:
- Warning, indicating the deadline for adopting corrective measures
- Simple fine of up to 2% (two percent) of revenues, limited in total to R$ 50,000,000.00 (fifty million reais) per infraction
- Daily fine for non-compliance
- Publicizing of the infraction
- Blocking personal data until regularization
- Elimination of personal data referred to in the infraction
- Partial suspension of the operation of the database for a maximum period of 6 (six) months, extendable for the same period
- Suspension of the exercise of the activity of processing personal data for a maximum of 6 (six) months, extendable for the same period
- Partial or total prohibition on the exercise of activities related to data processing
The General Personal Data Protection Law is extremely rigorous, which brings us back to the opening question:
After all, should my business worry about LGPD?
Yes!
Currently, virtually all companies have databases about their customers and are therefore affected by LGPD.
Those who do not adapt are subject to the rigor of the law, which can mean anything from a fine in the millions to a ban on carrying out the activities, depending on the case and the sector.
Do not be fooled by a possible lack of supervision.
The trend is toward a continuous increase in the protection of the consumer's right to privacy.
Do not wait until you receive a legal notification or a fine!
Lumiun Tecnologia has professionals who specialize in the subject.