The LGPD, or the Lei Geral de Proteção de Dados Pessoais, is a data privacy regulation devised to protect the privacy rights of individuals in Brazil.
This law imposes a streamlined set of obligations on organizations (public as well as private) who process personal data collected in Brazil, carry out personal data processing activities in Brazil, process personal data of individuals located in Brazil or process personal data for offering goods or services in Brazil.
The LGPD is inspired by the GDPR and has sixty-five articles which comprehensively cover all facets of data protection in Brazil. The law was passed on August 14, 2018, and went into effect on September 18, 2020. The LGPD will be enforced by the ANPD, the statutory and exclusive regulator - sanctions under the LGPD will be enforced from August 1st 2021.
Similar to the GDPR, the LGPD protects employees' data that is collected, stored or processed by an organization. There are a number of articles that specifically state the requirements with regard to employees' individual data. Let's look at what each article states:
Article 6 discusses the employers’ obligations towards the processing of employees’ data and what they need to do in order to stay compliant. These obligations include:
Article 7 of the LGPD also defines 10 legal grounds for processing personal data by organizations. Employers must ensure that processing activities that involve employees’ personal data are covered by at least one of these legal bases and are in compliance with the obligations required above.
Securiti’s data mapping solution helps organizations meet data privacy compliance requirements through automatic discovering and mapping of data within assets and processing activities.
Article 9 of the LGPD further explains what information employers need to provide to their employees in a clear, adequate and ostensible manner:
Revamp your privacy notice and simplify the creation process with Securiti’s Privacy Policy & Notice Management. This module can help you manage your privacy notices and keep them in line with the requirements set by privacy regulations.
If employers process employees' personal data relying on the basis of consent, they must collect and document that consent correctly as per Article 8 of the LGPD. The requirements of these records are as follows:
Securiti offers organizations a consent management solution to honor the consent of all their employees. The solution allows organizations to build customized
When legitimate interest is leveraged as the lawful basis for processing employee data, the ANPD might request the employer to conduct a DPIA. Employers and associated processors must also keep records of processing activities. Under Articles 10, 37 and 38, the organization is required to conduct an internal assessment for each of its processing activities to ensure that proper security measures are in place.
Securiti incorporates AI to enable Assessment Automation (PIAs, DPIAs, Readiness Assessments, Transfer Impact Assessments) to trigger and conduct risk-based assessments. It can further enable organizations to mitigate data exposures, remediate misconfigurations and discover risks within your organization.
Every privacy law puts great emphasis on the sensitive personal data of an individual. This can be seen in laws such as the GDPR and CCPA where sensitive data has requirements separate from personal data.
As per the LGPD, sensitive personal data is personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data, when related to a natural person.
Under Article 11 of the LGPD, employers must only collect and process sensitive personal data for certain limited purposes or with specific consent of the employee. Due to these additional restrictions on sensitive personal data, employers must discover where they collect, store and process employee’s personal data to ensure they are in compliance with the LGPD.
Securiti’s Sensitive Data intelligence Solution allows organizations to discover and catalog sensitive data within their data stores and implement adequate security measures to protect this data from breach.
Under Article 39 of the LGPD, the processor is bound to follow the instructions of the controller for any data processing activity and the controller must ensure its instructions are followed.
When assessing the risk associated with a third-party vendor, organizations need to consider three main points: data protection, privacy violations, and respect for consumers' data. Securiti helps organizations automate this process.
Generally, personal data of individuals can only be transferred to third-party countries by organizations if:
Securiti's assessment automation and data mapping solutions can help organizations discover cross-border data flows and conduct transfer assessments to maintain the safety and integrity of their data.
Data can be breached at any time and this puts the individual at risk. Apart from having security measures in place, organizations also need to have a breach management system in place to mitigate the damage of a data breach.
The systems used for processing personal data shall be adapted in order to meet the security requirements, standards of good practices and governance, general principles provided in this Law and other regulatory rules. Under Article 48 of the LGPD and subsequent guidance by the ANPD, employers are required to inform the ANPD about any breach incidents which pose a risk of harm to the affected data subjects within 2 days.
Securiti offers Data Breach Management (Data Breach Automated Notification, Data Breach Assessment) to monitor breaches and notify data subjects in a timely manner.
Under Articles 17 and 18, individuals have the following rights in relation to their personal data:
Article 18 of the LGPD requires organizations to immediately adopt and fulfill employee DSR requests without cost to the employee, within a given time period and according to the terms provided in regulation.
Securiti offers the DSR Automation Solution to enable simplified fulfillment of individuals' data subject requests. The solution uses automated processes to help enterprises swiftly respond to data subject requests and enable coordination between stakeholders for reviews and approvals.
Data privacy laws such as the LGPD give employees the same rights to their personal data as consumers, which means that employers are going to get scrutinized over the employee data they store.
Achieving compliance through manual methods can be a struggle given the infinitely growing volume of data being collected by organizations. This is where Securiti comes in with automation to offer a simple and efficient road to compliance.
See how Securiti can help your organization comply. Request a demo today!
LGPD (Lei Geral de Proteção de Dados), Brazil's data protection law, applies to employees. Employers must comply with LGPD when collecting and processing personal data of their employees.
LGPD grants employees rights such as the right to access their personal data, the right to correct inaccuracies, the right to delete their data, and the right to object to processing under certain circumstances. Employees also have the right to be informed about data processing activities, among others.