With the world (and companies) becoming increasingly automated and technology advancing, it is necessary to be careful about storage and precautions regarding data and information leaks, not only with your business data, but mainly with your customers’ data. That is why it is important to know what LGPD is and how to apply it in your company.
If you, like many managers, have doubts about this law and its applicability, continue reading this article and we will explain everything.
What is LGPD?
LGPD is the acronym for Brazil’s General Law on the Protection of Personal Data. It was enacted in 2018 and came into force in September 2020, with fines being imposed at the end of August 2021. In January 2022, some specific rules for micro job function email list and small businesses were published, which we will discuss later.
The main goal of the LGPD is to give people greater control over their own information. The law establishes rules for companies and organizations regarding the collection, use, storage, and sharing of personal data, imposing fines and sanctions in case of non-compliance.
Something important about this law is that it is applicable to companies and organizations that process personal data of Brazilian citizens or residents, regardless of the physical location of the company, that is, whether the data belongs why you should promote kid to individuals located in Brazil, or whether it was collected in the country – cases in which the data owner was in Brazil at the time of collection.
What does the law say?
The LGPD changes the way companies operate chine directory by establishing rules on the collection, storage, processing and sharing of personal data, imposing greater care with protection and significant penalties for non-compliance with the rule.
Given this, it is clear that this law was not created to prevent data collection (as was often said at the beginning of the discussions), but to define guidelines for how this data is classified, processed, protected and used. In this regard, it is important to understand some important concepts:
Legal bases: can be defined as the hypotheses created by the LGPD that authorize the processing of collected data. The law provides for 10 legal bases. Among the most used bases for marketing and sales practices, we can mention:
Consent : clear and unequivocal statement by a person. Who agrees to the use of their data for the purposes proposed by the company (which must be clear in its privacy policy and/or terms of use).
Legitimate interest : allows the use of data without the need to obtain consent. However, it is necessary to take some care to understand. Which cases legitimate interest can actually be applied. It is necessary to carry out an analysis to weigh up the interests of the company and the rights of the individual.
>Contracts : data can be processed in two cases. The first being to comply with an obligation provided for in a contract and the second when the processing of data. Serves to validate and initiate the validity of an agreement.
Actors and roles in data processing
Controller: company/organization that makes decisions regarding personal data. Which defines when and how the data will be collected, for what purposes it will be used. Where and for how long it will be stored;
Operator: company/organization that carries out the processing of personal data. Under the orders of the controller.