Approved in August 2018, but effective from August 2020, the LGPD or General Data Protection Law is a federal law that aims to bring legal security regarding personal data that is shared through the internet. The law applies to several segments that operate online, from e-commerce to social networks, including government and social organizations.
Law 13.709 creates a standard set of rules and practices that companies and public agencies operating online must apply to the data of citizens residing in Brazil. The LGPD applies not only to companies based in Brazil, but also covers entities that only process data from users residing in the country. To help you better understand how the LGPD works, and which security tools the federal law implements, Tecmundo presents some questions and answers about the LGPD.
What does the LGPD aim to protect?
The main objective of the law is the security of users’ data, since we know that nowadays several companies sell, pass on and share personal information obtained with consent or not, which can leave users not knowing exactly which of their personal data is exposed.
With the application of the LGPD, more attention is given to the collection, management and storage of data, which favors the application of penalties for those who share third parties’ information illegally, as in other countries that have legislation on the subject. The law also aims to highlight and guarantee the user’s right to revoke access to data, request transfers or even request that data be deleted at any time, punishing anyone who does not comply with the established agreements.
What data is protected?
The LGPD protects what it calls personal data and sensitive data. Personal data are those that allow the identification of a living individual, directly or indirectly: name, ID, CPF, gender, date of birth and the like. The law also classifies the user’s IP address as personal data, as well as data such as cookies and information about the consumption habits that users have linked to their online profiles, since there is software that records search history, for example.
The law also distinguishes between types of data, classifying some as sensitive data. Sensitive data are those that require even more care in handling, since they represent content about children and adolescents, or data that reveal racial or ethnic origin, religious or philosophical beliefs, political opinions, genetic issues, or information about an individual’s health or sexual life.
Does the law apply outside Brazil?
The General Data Protection Law establishes that it does not matter whether an organization’s headquarters or its database are located in Brazil or abroad; what matters is whether there is processing of data of Brazilian people, who in turn are in the national territory.
This is very important, since there are several extremely popular services that, even though they are available in Brazil, do not have in-person representatives in the national territory. It should be noted that the LGPD does not prohibit the sharing of information with international bodies and companies, but rather requires that this type of process take place through secure protocols in compliance with legal requirements.
The inspection of data security protocols is the responsibility of the ANPD (National Data Protection Authority), a federal body that is responsible for ensuring, implementing and monitoring compliance with the LGPD.
The ANPD also issues the regulations and procedures to be adopted in data processing. The organization has five directors, a national council with 23 representatives, an internal affairs office, an ombudsman and its own legal advisory body, all to optimize the operation and application of the LGPD.
What punishments are applied to offenders?
The LGPD establishes that companies and organizations that do not comply with users’ data security protocols are liable to warnings and fines ranging from 2% of their gross revenue, which can reach R$ 50 million.
The law further states that offenders are also subject to punishment in administrative, civil and criminal spheres, so that both public and private entities can be punished.
It is expected that, with the application of the law, the internet will have standards and protocols that bring more tranquility and security to users and companies. After all, standards and regulations help to create a safer and more functional environment for everyone.