Data security: what it is, how to apply it, cases and more!
Posted: Wed Jan 22, 2025 9:08 am
Data security may seem like just another hot topic, but it is a topic that deserves to be trending. In times of LGPD, leaks of confidential information and an ever-increasing need for online privacy, we need to broaden the discussion until everyone is aware of its importance.
From the security of individuals to that of legal entities, proper data protection guarantees a more peaceful life, without risks and headaches.
In this article, we will delve deeper into what data security is, how to apply it in the company, case studies and how Global keeps its customers' information properly protected.
Data security, what is it?
Also known as information security, data security encompasses a set of strategies and good practices to maintain the privacy and integrity of the personal data of countless individuals.
This care is applied from the collection to the use, storage and disposal of this information. In fact, anyone who thinks that this concept only applies to the processing of digital data is mistaken: information stored on physical media also needs to be properly protected.
Data is classified as compromised when it is corrupted, inadvertently modified, lost, or leaked.
Data security in Brazil
Law 13709/2018, also known as the General Data Protection Law (LGPD), was approved in 2018 and has been in force since August 2020. It contains a series of rules that deal with the use, storage and disposal of personal data. In addition, it also created a series of new legal concepts, such as the concept of “sensitive data”, for example.
All companies must clearly understand the definitions established by the LGPD regarding the role that each agent plays in data processing :
Holder: natural person to whom the personal data that are subject to processing refer;
Controller: a natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data;
Operator: a natural or legal person, under public or private law, who processes personal data on behalf of the controller;
Person in charge: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);
According to the LGPD, holders of personal data have the right to request, at any time:
Confirmation of the existence of treatment;
Access to your data;
Correction of incomplete, inaccurate or outdated data;
Anonymization, blocking or deletion of data processed in non-compliance with the LGPD;
Portability of data to another bulgaria phone number list or product provider;
Deletion of personal data processed with the consent of the holder;
Information on public and private entities with which the controller shared data;
Information about the possibility of not providing consent and the consequences of refusal;
Revocation of consent;
Opposition to the processing carried out based on one of the hypotheses of exemption from consent, in case of non-compliance with the provisions of the law;
Review of automated decisions;
The administrative sanctions provided for by the LGPD depend on the severity of the non-compliance. Among them are:
Warning, indicating a deadline for adopting corrective measures.
Simple fine of up to 2% of the net revenue of the private legal entity, group or conglomerate in Brazil in its last fiscal year, limited in total to R$50,000,000.00 per violation.
Daily fine.
Publication of the infraction after its occurrence has been duly investigated and confirmed.
Blocking of personal data involved in the infringement until its regularization.
Deletion of personal data involved in the infringement.
partial suspension of the operation of the database to which the infringement refers for a maximum period of 6 (six) months, extendable for the same period, until the processing activity is regularized by the controller;
suspension of the exercise of the activity of processing personal data to which the infringement refers for a maximum period of 6 (six) months, extendable for the same period;
partial or total prohibition of the exercise of activities related to data processing.
From the security of individuals to that of legal entities, proper data protection guarantees a more peaceful life, without risks and headaches.
In this article, we will delve deeper into what data security is, how to apply it in the company, case studies and how Global keeps its customers' information properly protected.
Data security, what is it?
Also known as information security, data security encompasses a set of strategies and good practices to maintain the privacy and integrity of the personal data of countless individuals.
This care is applied from the collection to the use, storage and disposal of this information. In fact, anyone who thinks that this concept only applies to the processing of digital data is mistaken: information stored on physical media also needs to be properly protected.
Data is classified as compromised when it is corrupted, inadvertently modified, lost, or leaked.
Data security in Brazil
Law 13709/2018, also known as the General Data Protection Law (LGPD), was approved in 2018 and has been in force since August 2020. It contains a series of rules that deal with the use, storage and disposal of personal data. In addition, it also created a series of new legal concepts, such as the concept of “sensitive data”, for example.
All companies must clearly understand the definitions established by the LGPD regarding the role that each agent plays in data processing :
Holder: natural person to whom the personal data that are subject to processing refer;
Controller: a natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data;
Operator: a natural or legal person, under public or private law, who processes personal data on behalf of the controller;
Person in charge: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);
According to the LGPD, holders of personal data have the right to request, at any time:
Confirmation of the existence of treatment;
Access to your data;
Correction of incomplete, inaccurate or outdated data;
Anonymization, blocking or deletion of data processed in non-compliance with the LGPD;
Portability of data to another bulgaria phone number list or product provider;
Deletion of personal data processed with the consent of the holder;
Information on public and private entities with which the controller shared data;
Information about the possibility of not providing consent and the consequences of refusal;
Revocation of consent;
Opposition to the processing carried out based on one of the hypotheses of exemption from consent, in case of non-compliance with the provisions of the law;
Review of automated decisions;
The administrative sanctions provided for by the LGPD depend on the severity of the non-compliance. Among them are:
Warning, indicating a deadline for adopting corrective measures.
Simple fine of up to 2% of the net revenue of the private legal entity, group or conglomerate in Brazil in its last fiscal year, limited in total to R$50,000,000.00 per violation.
Daily fine.
Publication of the infraction after its occurrence has been duly investigated and confirmed.
Blocking of personal data involved in the infringement until its regularization.
Deletion of personal data involved in the infringement.
partial suspension of the operation of the database to which the infringement refers for a maximum period of 6 (six) months, extendable for the same period, until the processing activity is regularized by the controller;
suspension of the exercise of the activity of processing personal data to which the infringement refers for a maximum period of 6 (six) months, extendable for the same period;
partial or total prohibition of the exercise of activities related to data processing.