In August 2018, Brazil approved a law similar to the GDPR, which is called LGPDP. This new legislation will only come into force in 2020, but it will affect any kind of business in Brazil.
In short, it determines how Brazilian people’s data can be collected, processed and disclosed. It includes legal penalties for anyone who breaks the rules. It will also affect many different areas, cloud computing among them.
Considering the constant threats and data leaks, the LGPD is necessary and important for the current Brazilian environment. It is in line with international guidelines, such as the European General Data Protection Regulation (GDPR).
Even though Brazil already has a law regarding data, there is still room for ambiguous definitions.
With LGPDP, many developers still have doubts about what they can or cannot do under the new rules. In numbers, Brazil generates 2.5 quintillion bytes of data every day. Issues such as the technical difficulties of providing information or working commercially with it may lead to serious penalties.
Given this scenario, we wrote this article to clarify data usage in Brazil, even if you’re not in Brazilian territory.
It’s not merely a fine, but also your reputation
We need to keep in mind that breaking the new law will not only result in a fine of 2% of a company’s revenue (with a maximum value of R$ 50 million). We should also think about the business’s reputation and what it means to clients, given that the law requires the infringement to be published and the data to be blocked or even deleted.
This can be even worse if you take into consideration the public’s loss of confidence in the business. That means the best practice here is to stay transparent about data usage.
LGPD will change the way of doing business; your current processes can become illegal
In the world beyond the walls of a business, operations will be modified. Information is once again owned by the individual, and companies should show that they are interested in using this data and how they will use it.
Many current processes will become illegal. It will be necessary to assess the maturity of risk processes and impacts, that is, to survey the situations that companies must correct to ensure that the LGPD is fulfilled in all departments.
You will probably need to modify contracts with providers and clients
Companies should comply with the rules through actions such as changes in their contracts with providers and, mainly, clients. It is worth remembering that the law deals with the processing of personal data, including in digital media, by a natural person or a legal entity under public or private law. Its purpose is to protect the fundamental rights of freedom and privacy and the free development of personality.
The bigger the business, the more changes will be necessary
For large companies, some basic concepts of internal management will undergo transformations. One example is the audit process. It should conform to the specifications for collecting employee data, eliminating unauthorized information.
Organizations should also establish an Information Security Committee to review internal procedures. Within this body there will be a professional dedicated exclusively to data protection and responsible for compliance with the new law.
Does LGPDP apply to all kinds of companies?
The law excludes from its scope those who process data for purely private and non-economic purposes, such as journalistic, artistic or academic purposes. The exclusion also covers everything done exclusively for public security, national defense and state security purposes.
Mapping and classifying the flow of data sources, and using technology tools to comply properly with the LGPD, creates more business opportunities. Therefore, adapting to LGPDP before it goes into effect is essential if you want to monetize data more securely and ensure the credibility of your business.