News


The importance of complying with the LGPD

In an increasingly digital world, it is common to leave personal information on websites, applications and social networks. This makes data security even more necessary, since in this environment there is not always control over who will access the information.

Information security is a subject discussed by various types of organizations, especially in technology. After all, every company and any other agent that holds personal data in its databases should take care that this information is not exposed and remains safe.

A few years ago, the amount of data from millions of people available on the internet increased, leading to growth in the number of frauds based on leaked or stolen data.

As a result, governments and companies began to worry about how this information was processed. Thus came the need to create ways to ensure that this processing was done correctly, avoiding misuse of data.

In Brazil, the General Data Protection Law (13.709/2018) was created, inspired by the General Data Protection Regulation of the European Union (GDPR) and the California Consumer Privacy Act of 2018 (CCPA), considered the first law of a North American state to ensure privacy and protection of personal data.

The LGPD and other laws and rules governing privacy and personal data protection are based on the fundamental rights of freedom, privacy and free initiative. The right to privacy is the broad category that encompasses all inviolabilities regarding honor, intimacy, private life, and the image of people.

In the LGPD, the consent of the data holder is considered an essential element for processing, with exceptions in the cases provided for in art. 11, II, of the law. The law gives the citizen various guarantees, such as: asking for their personal data to be deleted; revoking consent; transferring data to another service provider; among other actions. The processing of data must take into account requirements such as purpose and need, which are to be agreed in advance and communicated to the holder.

To oversee and apply penalties for non-compliance with the LGPD, Brazil has . The institution has the tasks of regulating and guiding, preventively, how to apply the law. However, the ANPD (Law No. 13,853/2019) And that is why the General Data Protection Law also provides for the existence of data processing agents and stipulates their duties in organizations, such as: the controller, who makes decisions about processing; the operator, who performs the processing on behalf of the controller; and the person in charge, who interacts with the holders of personal data and the national authority.

Regarding risk and failure management, the person responsible for managing personal data must also write governance rules; adopt preventive security measures; replicate good practices and certifications on the market; prepare contingency plans; resolve incidents with agility, with immediate notification of violations to the ANPD and affected individuals; conduct audits; among others.

Security failures or failure to meet the standards required by the LGPD can result in fines of up to 2% of the organization's annual revenue in Brazil, limited to R$ 50 million per infraction. The National Authority will set penalty levels according to the gravity of the failure and send alerts and guidelines before applying sanctions to organizations.

An LGPD audit is important for organizations because it verifies whether the practices and rules required by law are being met, or what needs to be adjusted to avoid data leaks, sanctions, fines and customer dissatisfaction.

This picture shows how countries stand in applying and developing personal data protection.

Does your company need an LGPD audit?

Audilink has a highly qualified team prepared to help. Contact our expert team.

Lenon Pereira da Silva - Audilink Information Technology Assistant
