How to comply with LGPD? See all the details of the data protection law
Posted: Sat Feb 01, 2025 10:23 am
It seemed like a soap opera plot, with twists, delays and uncertainties, but now it is finally official: the General Personal Data Protection Law will come into force in 2020, and companies need to know how to adapt to the LGPD to avoid sanctions and future problems.
The new law addresses the use of personal data by public and private companies and organizations. It contains rules and regulations that regulate the collection, storage, processing and sharing of this information. It came into effect shortly after the GDPR, a similar initiative in the European Union.
Its implementation was not easy. The LGPD was sanctioned costa rica phone number data in August 2018 by President Michel Temer. Initially scheduled to come into force in August 2020, there was an attempt to extend it to March 2021. However, it tends to be implemented in the country after the sanction by President Jair Bolsonaro.
Even with uncertainty about the legal deadline for implementation, the fact is that the issue has been part of companies' daily lives for at least two years. Now that it is about to come into force, it offers a path forward with regard to compliance and good practices in the care and protection of personal data.
From now on, it is necessary to rely on the support of technological solutions and disseminate an internal culture of conscious use of this information. It is necessary to combine respect for privacy and transparency while ensuring access to increasingly personalized and efficient products and services for users.
Who does the law apply to?
Many business owners do not know how to comply with the LGPD because they still have doubts about the scope of the rules. Basically, all organizations, public or private, that process the personal data of Brazilians, regardless of their physical location, are subject to the rules.
The only exceptions to the law are: individuals who have processed data subject information for personal purposes, information collected for journalistic, literary, academic and artistic purposes; and matters involving criminal investigation, public security and national defense.
An important difference between Brazilian law and GDPR is that both controllers and processors are responsible for the data they have collected from individuals. That is, they will be penalized equally if they are not in compliance. In the European Union, controllers face higher penalties.
How to adapt to LGPD?
In order for the company to comply with the rules stipulated by law, it is necessary to adopt some procedures. Check them out:
Improve IT infrastructure: Both the data controller and processor must improve IT security where they work by redefining data management procedures, network security, IT governance and operational efficiency.
Qualify existing data: then, it is necessary to identify all the data in the database used in the company to discard those that are not important and qualify the rest in accordance with the new standards.
Change processes: from there, remodel all processes that involve capturing and processing information, such as adopting new collection procedures and appointing an exclusive professional to protect it.
The new law addresses the use of personal data by public and private companies and organizations. It contains rules and regulations that regulate the collection, storage, processing and sharing of this information. It came into effect shortly after the GDPR, a similar initiative in the European Union.
Its implementation was not easy. The LGPD was sanctioned costa rica phone number data in August 2018 by President Michel Temer. Initially scheduled to come into force in August 2020, there was an attempt to extend it to March 2021. However, it tends to be implemented in the country after the sanction by President Jair Bolsonaro.
Even with uncertainty about the legal deadline for implementation, the fact is that the issue has been part of companies' daily lives for at least two years. Now that it is about to come into force, it offers a path forward with regard to compliance and good practices in the care and protection of personal data.
From now on, it is necessary to rely on the support of technological solutions and disseminate an internal culture of conscious use of this information. It is necessary to combine respect for privacy and transparency while ensuring access to increasingly personalized and efficient products and services for users.
Who does the law apply to?
Many business owners do not know how to comply with the LGPD because they still have doubts about the scope of the rules. Basically, all organizations, public or private, that process the personal data of Brazilians, regardless of their physical location, are subject to the rules.
The only exceptions to the law are: individuals who have processed data subject information for personal purposes, information collected for journalistic, literary, academic and artistic purposes; and matters involving criminal investigation, public security and national defense.
An important difference between Brazilian law and GDPR is that both controllers and processors are responsible for the data they have collected from individuals. That is, they will be penalized equally if they are not in compliance. In the European Union, controllers face higher penalties.
How to adapt to LGPD?
In order for the company to comply with the rules stipulated by law, it is necessary to adopt some procedures. Check them out:
Improve IT infrastructure: Both the data controller and processor must improve IT security where they work by redefining data management procedures, network security, IT governance and operational efficiency.
Qualify existing data: then, it is necessary to identify all the data in the database used in the company to discard those that are not important and qualify the rest in accordance with the new standards.
Change processes: from there, remodel all processes that involve capturing and processing information, such as adopting new collection procedures and appointing an exclusive professional to protect it.