
7 important details between the LGPD (Brazilian) and the GDPR (European)

by | Apr 29, 2019 | BLOG

The European GDPR as inspiration for the Brazilian LGPD

The General Data Protection Law (LGPD) and the Data Protection Regulation (GDPR) are very similar pieces of legislation; one difference is the Data Privacy Officer (data controller) that the GDPR provides for, unlike the LGPD, which is still awaiting approval by Congress.

The GDPR is the updated version of an earlier European Union privacy law, the “Data Protection Directive”, which had been in force since 1995. The GDPR is legally binding, whereas the Data Protection Directive was just a guide to good practice.

The European Union considers the protection of personal data as a right of any person living or being within the European territory. Therefore, if the person is a Brazilian and is in Europe, their data will be secured by the GDPR just because they are on European soil.

The LGPD complements the Civil Rights Framework for the Internet (Law 12,965 / 14) and comes to light at a moment marked by large leaks of information that involve the misuse of personal information.

In general terms, the two pieces of legislation are very similar, since both deal with privacy, defining the protection of personal data held in corporate databases.

The main proposal is to fulfil the individual’s right to know what information they provide to the services they use. In addition, the entity must explain to the customer why it requests certain data and for what purpose that data will be used.

7 important details between the LGPD (Brazilian) and the GDPR (European)

Despite the similarity, the Brazilian legislation has some more specific items. Here are seven important details about the rights guaranteed to Brazilians:

  1. be informed of the collection and sharing of your data whenever it occurs;
  2. full access to your data, including the possibility of correcting them;
  3. request that your data stay anonymous;
  4. guarantee of data blocking or deletion;
  5. have the option of disallowing cookies when accessing a website and receive information stating that this compromises the browsing performance and customization;
  6. request the interruption of communications and rest assured this is respected;
  7. review automatic algorithmic decisions about your data, with the right to request a human review.

Differences between the penalties provided for in the LGPD and those of the European law (GDPR)

Regarding the penalties, in the Brazilian LGPD, the penalties for non-compliance range from 2% of gross revenue to R$ 50 million (per violation).

In the European GDPR, the company can receive from a simple notice up to a fine of € 20 million or up to 4% of the company’s annual global revenue, whichever is greater.

In January of this year (2019), the French CNIL, based on the GDPR, sued Google for € 50 million (estimated at $ 57 million) for the alleged breach of the privacy rules contained in the law (in force in the EU since May 2018).

CNIL’s investigation began from a series of civil actions filed by privacy activist Max Schrems, who stated the following:

“We welcome the fact that, for the first time, the European Data Protection Authority is using the opportunities offered by the GDPR to punish gross violations of the law. After the introduction of the GDPR, we have found large companies that, like Google, simply interpret the law differently and constantly adapt their products superficially.”

(Original version: “Nous nous félicitons de ce que, pour la première fois, l’autorité européenne de protection des données utilise les possibilités offertes par le GDPR pour punir les infractions flagrantes à la loi. Après la mise en place du GDPR, nous avons trouvé de grandes entreprises qui, comme Google, interprètent simplement la loi différemment et adaptent constamment leurs produits de manière superficielle.”)

The GDPR and its impacts on Brazilian companies

In order to comply with the two regulations, technological solutions such as senhasegura – a management solution for privileged access, which automates all access management of privileged users, including the recording of sessions for later auditing, among other features – are fundamental for the success of a data management strategy.

The enactment of the law puts Brazil in the list of more than 100 countries that today may be considered adequate to protect the privacy and the use of data.

These data privacy regulations are very positive because they seek to balance the protection of personal data, human dignity, and the privacy, honor and image of people against free enterprise and the economic use of data in a legitimate, responsible, proportional and reasonable way.
