The General Data Protection Law is on a countdown to come into effect. The deadline for implementing the measures required by this new legislation ends in August 2020. Until then, technology companies must adapt to the new protocol and avoid fines of up to R$50 million.
If your service involves collecting user data, even the most basic information, such as name and email, be careful, as the new law is targeting this business model to avoid losses to customers and also to strengthen Consumer Rights.
Want to know what it takes to be regulated and avoid any penalties for data misuse? Be sure to read this entire article.
What is the General Data Protection Law?
The news gives the correct dimension regarding the LGPD. In recent months, several scandals involving the incorrect use of personal data of internet service users have been uncovered – including cases kuwait email list involving government agencies, such as the election of Donald Trump in the United States, in which, with the purpose of influencing votes in favor of the Republican candidate, an agency used data collected by Facebook to target American voters.
This example alone exposes the fragility of online security when it comes to the integrity of the information we deposit on digital platforms, and also the incompetent legislation to deal with the relationship between individuals versus software and applications.
Inspired by European regulations, based on the rights of freedom and privacy, Brazilian law was created, as mentioned previously, with the aim of strengthening users and Consumer Rights.
Sanctioned in August 2018 and applied from August 2020, the LGPD gives a two-year adaptation period to its rules regarding the collection, storage, sharing and any other stage of the management of this information, such as cancellation and deletion.
Benefits of LGPD
By implementing security laws for sharing personal data, Brazil has reached a pioneering level in terms of the privacy of its citizens and, consequently, the security of the State, since the regulation of these practices guarantees legal control over irregularities that today affect everyone.
Specifically regarding Brazilian users, they will have power over the information shared, even requesting, if they wish, cancellation and deletion: a situation currently inconceivable in the company-consumer relationship, which not only uses data improperly for its own benefit, but also sells it to third parties.
Role of companies
To put this planning into practice, in addition to legislation, it is essential that technology companies understand the new legal code and prepare to make the necessary changes. And what are they?
One of the pillars of the LGPD is transparency with the consumer. To begin with, data requests must be transparent by identifying the reason for each piece of information requested. In other words, access to content such as photos and user locations will no longer be permitted if there are no justifiable reasons for such use. In addition, explicit and free authorization from the user regarding the use of data is another new requirement.
Another obligation of companies that must be implemented by August 2020 is the creation of an Information Security Committee. Within the institutions, it will be the body responsible for verifying the current security status of the information provided by users of their systems and for developing measures to comply with the General Data Protection Law.
The cycle that promotes the existence of this committee is exercised by four figures:
The holder: the person who provides their personal data to different types of services;
The controller: represents companies that operate services that require personal data;
The operator: the company responsible for collecting and using the information correctly. Controller and operator may not be the same, as the latter may be a third-party service;
The person in charge: is the professional responsible for the correct application of the LGPD, and is even legally responsible, together with the company, in the event of irregularities.