The General Law on Personal Data Protection (LGPD) will come into full force on January 1, 2021. From this date, Brazil will have specific legislation to protect the data and privacy of all Brazilian citizens.
Because it is a matter of interest to all citizens, LGPD is raising several questions among Brazilian entrepreneurs: What is LGPD? Who will regulate it? How does it impact my company? What do I do to adjust?
With these questions in mind, we wrote this article to explain what your business should do to keep up with this new law.
What is LGPD?
The General Law on Personal Data Protection (LGPD - Law No. 13,709) was sanctioned on August 14, 2018 and would have come into force in August 2020, but the deadline was postponed to January 1, 2021 due to the pandemic. This regulation establishes a series of rules that all companies and organizations operating in Brazil will have to follow to give citizens more control over their personal data, ensuring transparency in the use of individual data in any medium.
Heavily inspired by GDPR (the European regulation that was passed in 2016), LGPD determines how citizens' data can be collected and, to ensure that companies comply with the law, stipulates punishments ranging from a simple fine of up to 2% of the company's last year, limited to $50 million per daily fine, observing the total limit of the simple fine.
With LGPD, companies should make some investments to standardize the collection of citizens' data and, especially, to increase the security of this information. And when it comes to security, some steps may be necessary:
- Obtain the user's consent for the use of their data;
- Protect users' personal data;
- Implement a control and security service against unwanted access, viruses, phishing and ransomware to ensure the previous item. See the article on information security in 2018: relevant facts and increased virtual attacks;
- Have a quick response to any suspected threats; and
- Visibility and control over these security tools. See the article A Lumiun is one of 117 startups that are changing to you in Brazil.
Who regulates LGPD?
From August 2020, the body responsible for ascertaining, investigating and, where appropriate, punishing those who do not comply with LGPD will be the National Data Protection Authority (ANPD). The ANPD was created in 2018 through a Provisional Measure (MP 869/18) to monitor compliance and apply the sanctions described in the LGPD.
Therefore, it is very important for companies to start now seeking the necessary adjustments in sectors such as IT, HR, Finance and Legal in order to avoid unpleasant punishments from the second half of 2020.
How does LGPD impact my company?
One of the biggest changes that LGPD will bring is the control that users will have over their data used by the company. That is, the employee/citizen has the right to know how his personal data is being used by the company.
For the use of citizen data, Law 13.709 determines that the company must act in good faith and follow some principles. Among the principles, we highlight the following:
- Purpose: Processing for legitimate, specific and explicit purposes of which the holder has been informed, without the possibility of later processing that is incompatible with these purposes;
- Free Access: Guarantee, for the holders, of easy and free consultation on the form and duration of processing, as well as on the completeness of their personal data;
- Security: Use of technical and administrative measures able to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;
- Prevention: Adoption of measures to prevent the occurrence of damage due to the processing of personal data;
In addition, the law determines 9 hypotheses under which the company's data processing is considered legal. We would like to highlight the first one, which fits most organizations:
- Through consent provided by the holder. The company can only collect user data with the user's express authorization. This means that the citizen needs to be notified of any and all actions involving the use of his personal data.
In summary, the great impact of LGPD on companies is related to the information collection and security policy. In this new scenario, the user will be entitled to all information about how the entity, whether public or private, will use their data: for what purpose, how and for how long it will be stored, and with whom it can be shared.
We know that there is a lot to do within companies to adapt to the new law. Therefore, it is important to reiterate that organizations should start adapting their processes and products as soon as possible to avoid ANPD fines.
ADJUST THE COMPANY: NEXT STEPS
LGPD will be applied to all sectors of the economy and all company sizes. Even companies that are averse to technology and still maintain paper records are subject to the new law. After all, this is citizens' personal data stored by the company, regardless of whether the format is physical or digital.
The first step is to define a team that is responsible for analyzing internal procedures regarding data collection and the flow of this information in the company, including third parties with which the company has to share this data. More contemporary companies call this team "compliance"; that is, to be in compliance, or compliant, is to comply with external and internal laws and regulations.
Once all the flows are done and the deficiencies detected, you need to start procedures to make the use of data fully secure for both employees and the company.
How can Lumiun help comply with LGPD?
LGPD requires data processing agents to adopt security measures able to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any form of inadequate or unlawful processing.
Lumiun is a cloud-based service that protects your business from internet threats, making the network safer and the team more productive.
Get to know some benefits of Lumiun:
- It avoids attacks on the company's network and adds a strong layer of protection against viruses and malware.
- It provides information about the use of the internet in the organization, with reports containing the websites accessed, times, etc.
- It allows the implementation of an Internet access policy
- network safety
- Classifies internet access into categories and security levels, avoiding access to harmful and unwanted websites.
- Protects and applies access rules, such as blocking websites and social networks, to all devices connected to the local network, including computers, tablets and smartphones.
- See more benefits and features on the Lumiun website: www.lumiun.com
Finally, Lumiun helps your company comply with LGPD's security and prevention principles, as it increases the security of all equipment (servers, computers, cell phones) by avoiding access to harmful and unwanted websites, such as those involving hacking, malware, spyware, phishing and online fraud. It also has an easy and intuitive control panel to apply access control rules or view security reports, firewall logs and real-time traffic.
Try Lumiun through our demonstration panel.
Bonus
And for you who read this far, we have a special bonus. We created a document template that you can download and adapt to your needs in order to obtain the consent of employees and users for the company's use of their data. Download the document template for the consent form for personal data processing now.
Another material that may interest you is a document template on internet use policy in companies. This document is intended to inform the employee about the Internet use policy in the company's work environment, documenting the professional's awareness of the rules of Internet use, with the aim of ensuring the proper use of technology resources.
Did you like this article? Then share it with your co-workers so that together you can make the company compliant with LGPD.
Do you have any questions? Write here in the comments and I will be delighted to answer you.