Sanctioned in 2018, Law No. 13,709 – General Data Protection Law (LGPD) – represents an important milestone for the treatment and protection of personal data in Brazil.
Its goal is to protect freedom and privacy rights, regulating the collection, processing, storage, and sharing of personal data.
In addition to the importance of the LGPD, we have the relevance that the penalties brought to compliance with the law. If in the beginning there were doubts that companies could be fined, little by little, the oversight being carried out by the ANPD shows that the dosimetry will be applied at some point.
Companies that handle personal data must adopt a proactive approach to information security, implementing privacy practices from conception and throughout the data lifecycle.
Collaboration between sectors, awareness, and ongoing compliance are fundamental pillars for a successful LGPD approach.
The essence of LGPD is not punitive.
According to Dr. Carlos Eduardo, a lawyer specializing in privacy and data protection, certified by IAPP, CIPM, and CDPO Brazil, the essence of LGPD is not merely punitive; it seeks to contribute and assist. Isolated punishment is not the appropriate solution because it results in the marginalization of companies.
The correct approach should include prior oversight by the ANPD, as is already happening, and collaborative actions to promote compliance and prevent data leaks.
“Punishments cannot be the primary factor of an incident, but the result factor,” cites Carlos Eduardo. They must be proportional to the specific case, taking into account the dosimetry.
Information security is much more than firewall and encryption.
Information security involves not only technologies like firewall and encryption but also employee training as a fundamental tool.
The pillars of security include confidentiality, availability, and integrity of data, which can be compromised in various ways, including by human behavior.
The entire network of employees, partners, and suppliers must be trained to prevent data leaks and incidents.
Furthermore, the company can use tools such as impact reports and risk matrices to assess and mitigate risks.
Importance of LGPD: Awareness is essential
Awareness is crucial for all sectors of companies to understand the importance of LGPD.
LGPD is not just a legal or technological issue; it is a multidisciplinary approach that encompasses legal, technological, organizational, and corporate culture aspects.
All employees must understand how data processing relates to their work and how data protection is essential for the company and its customers.
The effective application of LGPD involves the implementation of policies, contractual reviews, training, and regular audits.
It is crucial that the company maintain updated policies that reflect the evolution of the business environment and technologies.
Conclusion
We can conclude that LGPD brings significant changes to how companies handle and protect personal data.
Awareness of all employees and the implementation of policies and information security practices are essential to ensure compliance and protection of sensitive data, contributing to a relationship of trust between companies and their customers.
To learn more about the particularities related to the importance of LGPD and penalties, watch the full episode of STWCast, where we discuss in detail how the laws apply.
