The General Personal Data Protection Law (LGPD) will come into full force on January 1, 2021. From this date onwards, Brazil will have specific legislation to protect the data and privacy of all Brazilian citizens.
As it is a project of interest to all citizens, the LGPD is leaving several questions for Brazilian businesspeople: what is this LGPD law? Who will regulate? How does it impact my company? What do I do to adapt?
With these questions in mind, we wrote this article to determine what your company should do to stay up to date with this new law.
What is LGPD?
The General Personal Data Protection Law (LGPD – Law nº 13,709) was sanctioned on August 14, 2018 and was due to come into force in August 2020; however, the deadline was postponed to January 1, 2021 due to the pandemic. This regulation establishes a series of rules that all companies and organizations operating in Brazil will have to follow to give citizens more control over their personal data, ensuring transparency in any use of individuals' data.
Inspired heavily by the GDPR (the European regulation approved in 2016), the LGPD determines how citizen data can be collected and stipulates punishments to ensure that companies comply with the law, ranging from a simple fine of up to 2% of the company's revenue in its last fiscal year, limited in total to R$50 million per infraction, up to a daily fine, observing the total limit of the simple fine.
With the LGPD, companies must make some investments to standardize the collection of citizen data and, above all, increase the security of this information. And when it comes to security, some steps may be necessary:
- Obtain the user's consent to the use of their data;
- Protect users' personal data;
- Implement control and security services against unwanted access, viruses, phishing and ransomware to guarantee the previous item. See the article "Information Security in 2018: relevant facts and the increase in virtual attacks";
- Respond quickly to any suspected threat; and
- Maintain visibility and control over these security tools. See the article "Lumiun is one of the 117 startups that are changing IT in Brazil".
Who regulates the LGPD?
From August 2020, the body responsible for investigating and punishing, when appropriate, those who do not comply with the LGPD will be the National Data Protection Authority (ANPD). The ANPD was created in 2018 through a provisional measure (MP 869/18) to monitor compliance and apply the sanctions described in the LGPD.
Therefore, it is very important that companies start seeking the necessary adjustments in sectors such as IT, HR, Finance and Legal now in order to avoid unpleasant punishments from the second half of 2020 onwards.
How does LGPD impact my company?
One of the biggest changes that the LGPD will bring will be in the control that the user will have over their data used by the company. In other words, the employee/citizen now has the right to know how their personal data is being used by the company.
To use citizen data, Law 13,709 determines that the company must use good faith and follow certain principles. Among the principles, we highlight the following:
- Purpose: carrying out the processing for legitimate, specific, explicit and informed purposes to the holder, without the possibility of subsequent processing in a manner incompatible with these purposes;
- Free access: guarantee, to holders, easy and free consultation on the form and duration of processing, as well as the completeness of their personal data;
- Security: use of technical and administrative measures capable of protecting personal data from unauthorized access and accidental or illicit situations of destruction, loss, alteration, communication or dissemination;
- Prevention: adoption of measures to prevent the occurrence of damage due to the processing of personal data.
Furthermore, the law determines 9 hypotheses for the company's data processing to be considered legal, of which we would like to highlight the first that fits most organizations:
- Upon provision of consent by the holder. The company can only collect user data with the user's express authorization. This means that citizens need to be notified of any and all actions involving the use of their personal data.
In short, the major impact of the LGPD on companies is related to the information collection and security policy. In this new scenario, the user will have the right to all information about how the entity, whether public or private, will use their data, for what purpose, in what form and for how long it will be stored and with whom it can be shared.
We know that there is a lot to do within companies to adapt to the new law. Therefore, it is important to reiterate that organizations must start adapting their processes and products as quickly as possible to avoid ANPD fines.
Adapting the company: next steps
The LGPD will be applied to all sectors of the economy and all company sizes. Even companies that are averse to technology and that still keep their records on paper are subject to the new law. After all, it is citizens' personal data that is stored with the company regardless of whether it is physical or digital.
The first step is to define a team responsible for analyzing the internal procedures for data collection and the flow of this information within the company, including any third parties with whom the company has to share this data. More contemporary companies call this team "compliance"; being compliant means conforming to external and internal laws and regulations.
Once all flows have been documented and deficiencies have been detected, it is necessary to initiate procedures to make the use of data completely safe for employees and the company.
How can Lumiun help with LGPD compliance?
The LGPD requires data processing agents to adopt security measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or any form of inappropriate or unlawful processing.
Lumiun is a cloud-based service that protects your company from internet threats, making the network safer and the team more productive.
Discover some of the benefits of Lumiun:
- Prevents attacks on the company network and adds a strong layer of protection against viruses and malware.
- Provides information about Internet use in the organization, with reports containing websites accessed, times, website categories, etc.
- Allows the implementation of an Internet access policy and network security.
- Classifies Internet access into categories and security levels, preventing access to harmful and unwanted websites.
- Protects all devices connected to the local network, including computers, tablets and smartphones, and applies access rules to them, such as blocking websites and social networks.
- See more benefits and features on the Lumiun website: www.lumiun.com
Ultimately, Lumiun helps your company comply with the security and prevention principles of the LGPD. It increases the security of all equipment (servers, computers, cell phones) by preventing access to harmful and unwanted websites in categories such as hacking, malware, spyware, phishing and online fraud. Plus, it has an easy and intuitive control panel to apply access control rules or view security reports, firewall logs and traffic in real time.
Try Lumiun using our demo panel.
Bonus
And for those of you who read this far, we have a special bonus. We have created a document template that you can download and adapt to your needs, to be used to obtain the consent of employees and users for the use of data by the company. Download the Document Template for the Consent Form for the Processing of Personal Data.
Another material that may be of interest to you is the Document template on internet use policy in companies. This document informs the employee about the internet use policy in the company's work environment and records the professional's awareness of the rules for using the internet, with the aim of ensuring appropriate use of technology resources.
Did you like this article? Then share it with your co-workers so that together you can make the company compliant with the LGPD.
Do you have any questions? Write here in the comments and I will be happy to answer you.