LGPD: know what your company needs to do by August
As of August 1, 2021, the fines imposed by the LGPD (Brazilian General Data Protection Law) will be applied to companies that are not adapted to the new law.
In order to prevent your company from being harmed, it is important to adapt it as soon as possible to the requirements set forth by the legislation.
With the well-being of your company in mind, we wrote this text to help you discover the changes that will be necessary to make in your business.
To begin with, let’s find out what types of data are encompassed by the LGPD.
What data is protected by the LGPD?
The rules established by the LGPD apply to the following types of data:
- Personal data: those that identify an individual, for example, individual taxpayer ID, telephone, full name, address, e-mail address, photograph, IP address, among others.
- Sensitive data: they refer to information about a specific person that may lead him or her to suffer discrimination or prejudice. For example, sexual orientation, ethnicity, political ideologies, religious beliefs, among others.
The data can be obtained both physically and digitally, and in both cases, they will be covered by the protection offered by the law. Therefore, when collecting such information, it is also important to have consent to use it.
Concerning sensitive data, it is worth mentioning that they can only be collected if there is an explicit authorization from the owner and should only be used for a defined purpose, which can also be called legitimate interest.
All legal institutions and establishments, whether public or private, that use data from third parties, customers, or even employees must comply with the LGPD.
So, what are the obligations your business must fulfill? In the next topic, we will address this.
LGPD: What are the responsibilities of each company?
The new law provides guidelines on how the processing of collected data should work and it is extremely important to guarantee its security. See what your company needs to do by August to adapt itself:
- Hiring a Data Protection Officer
For data to be handled correctly, some organizations will need to appoint someone to take charge of processing personal data.
The main duties of this role will be:
- Working as an intermediary between the company and the data owner, facilitating communication between both parties and responding to the owner’s complaints and requests.
- Establishing the connection between the corporation and the government, receiving instructions from the ANPD (National Data Protection Authority), and taking care that they are complied with.
- Ensuring that employees follow the rules set forth by the LGPD, and for this, they will provide training and guidance to handle data appropriately.
- Following the attributions established by the controller and executing complementary norms that the organization decides to use to guarantee the security of information.
- Analysis of data protection and privacy
It is essential to review the current privacy and protection policy and make any necessary adjustments.
The owner needs to be aware of how their data will be used and what safeguards are guaranteed to decide whether to provide it or not.
Make a strategic plan and check all the controls and processes of your company looking for solutions to risk situations.
Possible security gaps should be looked for to minimize the risk of loss, theft, or hijacking of information.
With the adoption of the LGPD, it is crucial to adopt administrative and technical measures that are effective in protecting information.
For example, to protect your company from stealing of data, it is possible to use software such as senhasegura.
- Training of employees
In order for the LGPD rules to be followed by all employees, it is important to invest time and resources in training.
To achieve this goal, one can offer courses, lectures, among others.
Employees need to understand how they can prevent leaks and know their responsibilities and consequences.
Besides, some data is restricted to certain sectors, and their members must understand this and be committed to the information in their hands for not sharing it with third parties.
In times of pandemic, when many workers have joined the remote work approach, it is interesting to provide guidance on how to maintain security during activities.
The adoption of data protection measures must become part of the collective and individual thinking of all employees, becoming part of the corporate culture too.
- Beware of partners and outsourcing
Those who are partners of your business or provide outsourced services also need to adapt to the LGPD.
The contracts with suppliers and third parties that have access to your company’s information need to be reviewed to ensure that they comply with internal and external data privacy rules.
It is necessary that partner ventures also have a culture of privacy and security so that problems do not arise in the future and for your company to remain within the risk limit previously established.
LGPD: what are the fines for those who do not comply with?
The data law fines will begin to be enforced from August 1, 2021. Check some of the sanctions for those who break the LGPD rules:
- Fine of up to 2% of the company’s revenue, which may reach the amount of R$ 50 million for an infraction committed.
- Partial suspension of the database operation for a period of up to 6 months with the possibility of an extension for an equal period.
- Suspension of the activity of processing personal data for up to 6 months with the possibility of an extension for an equal period.
- Partial or total prohibition of activities that deal with data processing.
So that you do not suffer losses, make sure that the LGPD rules begin to be complied with by your business.
Think about what changes your company needs to make. For example, if someone tried to break into your company’s database in search of personal data from your customers or employees, would it really be secure?
If you want to increase the security of your data, we can help you. Try a demonstration and find out how senhasegura can guarantee the protection that your company needs to comply with the LGPD.