The advancement of technology has brought us needs that had not previously been prioritized. The Data Protection Law (General Data Protection Law, LGPD) brought rules and protocols to be followed to meet information security needs. The increase in cyber incidents and attacks has demonstrated that the internet is an insecure environment and can represent a great risk for companies.
According to data updated in 2022, 90% of Brazilian homes already have internet access, which means 155.7 million Brazilians are connected to this technology. Since the moment it came into force, the data protection law has helped companies establish protocols for collecting and maintaining data in a more efficient and secure way.
This law was created in 2018 and came into force in 2020, and its objective is to provide standards for the processing of personal data in the digital environment. Its standards focus on guaranteeing people's right to freedom and privacy. Monitoring compliance with this law is carried out by the National Data Protection Authority, a government entity responsible for supervising public services.
Better understand the role of LGPD in protecting personal data:
How does data leakage impact companies?
Information leakage is one of the most serious problems faced by companies that have suffered cyber attacks. More than exposing information, the company will need to deal with the damage caused to its image and the punishments imposed by data protection law.
This specific problem was one of the main drivers for the creation of a specific law to protect information. This is because data leaks can generate the following problems:
- The leakage of confidential data can cause harm to the progress of processes and strategies within the company;
- If the incident makes financial data of individuals public, such as bank information, statements, credit card information, pay stubs, among others, this information can be used fraudulently to carry out scams;
- Leakage of personal data can encourage the use of information inappropriately, such as creating direct mail, developing consumer profiles, selling products, etc.
Data leaks can cause immense problems for a business's reputation. Regardless of the company's sector of activity, this type of incident can alienate customers and investors, harming the company's growth and development.
According to a survey carried out by IBM, Brazil occupies fourth place in the ranking of data leak records, with 26,523 leak records. This type of incident can now trigger administrative proceedings and data protection sanctions, which can be:
- Warning;
- Disclosure of the infraction committed;
- Blocking and deletion of information involved in this infraction;
- Substantial fines, reaching R$50 million.
Combined with all these problems, the company will suffer an immense impact on its image in the market and among its consumers. Faced with some pecuniary punishment, companies will also need to adopt additional solutions in their data protection strategy. This means that in addition to reviewing its compliance with the LGPD, the business will also need to establish an awareness campaign and update its digital security policies.
See the main data leaks that occurred in 2022:
- Twitter: more than 63 GB of files were leaked, with data from 221 million people.
- Nvidia: the chip developer suffered from the leak of access credentials of 71 thousand employees.
- Samsung: in two attacks suffered in 2022, the multinational had 200 GB of information leaked.
- Revolut: in a cyber scam, the fintech had data from more than 50 thousand customers leaked.
Updates to the Data Protection Law
On January 27, 2022, Resolution No. 2 was published by the National Data Protection Authority. This update has relaxed one of the rules aimed at small businesses, which applies to the following:
- Microenterprises and small businesses;
- Startups;
- Legal entities governed by private law.
Although this resolution brought a little more flexibility in adapting these companies to the LGPD, it is important to remember that small agents are not exempt from complying with these rules.
Other changes to mention are:
- From 2023 onwards, the inspection and punishment of illegal activities will begin, giving more power to the National Data Protection Agency in order to implement inspection and punishment more efficiently;
- The update also divided ANPD agents into two categories: controllers, who have decision-making power over information processing activities and can choose a third company to carry them out, which is called an operator. Operators have more limited decision-making power than controllers.
In the second half of 2022 alone, Brazil suffered an increase of almost 50% in cyber attacks. For this reason, adapting to the LGPD has become a priority for companies, making it necessary to implement resources and solutions that help maintain cybersecurity and the confidentiality of stored data.
Why comply with the LGPD?
As we saw previously, monitoring compliance with the General Data Protection Law will become even more intense this year. Therefore, we have separated some reasons that will help you understand the importance of adapting to this legislation and ensuring that your company's data is even more secure:
Sanctions are already being applied
Many companies are still unaware that the supervisory agency is already implementing substantial fines for companies that fail in security processes. Leakage of data from customers, suppliers and partners is a serious failure, and can generate an immense financial impact for your company.
Impact on business image
Due to increased competitiveness, problems of this type can depreciate the value of your brand in the market. Companies that became known for information leaks lost credibility and profitability as a result of this problem. And in this sense, we are not just talking about the financial value. The image crisis caused by information leaks has an immense impact on the image of a business.
It's not just your company that needs to adapt
Suppliers and partners also need to comply with the standards set out in data protection law. You may also end up being held responsible for the actions of supplier companies, so it is necessary to assess their compliance with the LGPD before concluding a contract.
Your company may be charged
Many businesses are already requiring compliance with the General Data Protection Law in the request for proposal. If your company is not adapted to this new legislation, it could lose valuable partnerships and contracts for its continuity.
Implementing a culture of internet security
More than relying on technological tools to guarantee the security of the information stored by your company, the LGPD also expects there to be a process of employee awareness. Your team needs to understand the need to maintain good cybersecurity practices to avoid creating vulnerabilities within your business.
Reduces the risk of scams and cyber threats
There are several scams on the internet that can, in addition to causing a financial problem, cause the interruption of your activities. And we know that a stopped company loses money. Compliance with the LGPD will help you maintain the security of your devices and networks and avoid the incidence of this type of scam.
How to ensure company internet security
It is very important that, to maintain information security within your company, the right tools are used. Although there are countless solutions on the market focused on cybersecurity, it is necessary to know exactly what your company needs and the best resource to implement.
Most cyber threats succeed by exploiting network vulnerabilities and incorrect use of resources. This means that it is also the responsibility of employees to ensure that networks, devices and documents remain secure.
To do this, your team needs to know the importance of maintaining good practices in the use of the company's digital resources. In addition to creating secure passwords and adapting to the Internet Usage Policy, users also need to understand the importance of not carrying out inappropriate access during working hours.
Many cyber scams originate from misleading advertisements, false emails (phishing scams), and indiscriminate downloads. For this reason, it is essential that your company has access control resources to help avoid this type of problem within the business.
These tools can help managers monitor online activity and ensure their employees stay out of trouble. To do this, you can rely on Lumiun tools, such as Lumiun Box and Lumiun DNS.
Contact us and find out how to keep your company safer and more secure. LGPD came to bring more security to data, and your company's responsibility is to use the best tool on the market to contribute to this process.
Until later!