General Data Protection Law
Understand the DATA PROTECTION LAW in practice
With the technological boom, digital media have acquired an important role in the daily lives of people and institutions, whether private, governmental or not.
With easy access to information, everyone's personal data circulates and travels with greater speed through the world wide web. Regardless of the reason, there was a need to store such data.
Our legislation until then did not provide for the guarantee of data protection for Brazilian citizens. Because of this need, Law 13.709 / 2018, which is known as the General Data Protection Law, was enacted and is based on the European Union's General Data Protection Regulation, which aims to safeguard the data of its inhabitants, since 1995. < / div>
It should be noted that the LGPD covers not only personal digital data, but also personal data, such as data previously stored on paper.
Below you will understand in practice the principles of how this law works, how it can bring benefits and collaborate so that everyone has their digital security guaranteed.
Adequacy: data processing must comply with the purpose for which it is intended, each sector must comply with the requirements relating to its area of operation. A clear example of this is the area of health that, as a rule, has confidential data from patient records.
Necessity: within the context of the law, data collection should be restricted to the treatment of only the strictly necessary data;
Transparency: companies must guarantee clear, reliable and accessible information to data subjects;
Free access: the broad right of the holder to obtain free access must be guaranteed to consult information about the treatment of his data in an easy and free way;
Principle of data quality: just as it must be transparent and freely accessible, there must be accuracy, transparency, relevance and constant updating of the data;
Security: data confidentiality and security must be guaranteed through efficient measures and techniques;
Prevention: this is one of the pillars of Information Security, being the duty of the company responsible for the treatment to avoid any problems; it is recommended to use platforms that ensure data privacy;
Accountability and accountability: the data controller must report if there is a problem during the processing process, and can respond in court if it does not honor this prerogative;
Non-discrimination: data processing cannot be done to discriminate or generate any abuse against the data subject;
Purpose: every data must have, from the moment of capture, a clear and objective indication that justifies its collection.
We emphasize that non-compliance with the LGPD implies a punishment that varies according to the gravity of the infraction, which includes the forecast of fines of up to 2% of the billing with a ceiling fixed at R $ 50 million and the possibility of total suspension or partial activity.
