'Most Innovative Startup 2020' by RSA - Watch the pitch video
View MoreLGPD (Lei Geral de Proteção de Dados Pessoais) is the data privacy law of Brazil, aimed at providing Brazilian consumers more control over their personal information. In many respects, LGPD is similar to the General Data Protection Law (GDPR) of the European Union, but there are some significant differences. LGPD goes into effect in early August 2020 and organizations must comply with this regulation in order to avoid fines and penalties by the newly-created Brazilian regulatory authority, Autoridade Nacional de Proteção de Dados (ANPD).
LGPD imposes some very important obligations on organizations dealing with and processing the user data of Brazilians. Some of the most important requirements are:
According to article 3 of LGPD, if an organization performs the following tasks, they are required to comply with LGPD:
Controller:
“Processing data within the territory of Brazil, Processing the data of individuals who are within the territory of Brazil. The location of the data processor is immaterial.
Processor:
“Processing data which was collected within the territory of Brazil.”
LGPD offers its constituents the nine following rights:
Right to be informed about the existence of the processing.
The right to access the data.
The right to correct inaccurate, incomplete or out-of-date data.
The right to block, anonymize, or delete excessive or unnecessary data or data that is not being processed in compliance with LGPD.
The right to the portability of data to another service by an express request.
The right to deletion of personal data which is processed with the consent of the data subject.
The right to information about private and public entities with which the data is shared.
The right to be informed about the possibility of denying consent and the consequences of such denial.
Right to revoke consent.
These rights can be enforced through complaints and private actions brought about by data subjects.
Under the LGPD, the penalty system ranges from:
Warnings to organizations in case of non-compliance with the intent of having the organization implement corrective measures.
Blocking or deletion of processing and data.
Daily fines which can go up to R50 million which approximates to €11 million.
Fines up to 2% of annual turnover in Brazil or R50 million per violation, which approximates to €11 million.
and what to do in order to comply, sign up to get a free copy of the PrivacyOps book
SECURITI.ai’s award-winning compliance solution revolves around the concept of PrivacyOps, which calls for utilizing robotic automation, artificial intelligence and machine learning to provide enterprises with a system that automates majority of compliance tasks, freeing up crucial resources for other areas of business.
SECURITI.ai helps businesses discover data over a web of internal and external systems, stitch a data graph to link personal data with each individual, conduct automated internal assessment of policies as well as third-party vendors, manage consent and do a lot more!
While businesses may hesitate to take the leap towards automation from their current manual methods with the fear of costs and change in infrastructure, it is evident that automation is truly the way forward. Automation will increase the ROI as well as increase productivity, lowering cost and improving accuracy, in other words, it will pay for itself and bring organizations a number of benefits along with it.
1
Applies to all companies processing the personal data of data subjects residing in Brazil, regardless of the company’s location.
2
Fines can range up to 2% of annual turnover in Brazil or R50 million per violation, which approximate to €11 million.
3
Brazil has over 140 million internet users.
4
Some people call the LGPD “Brazil’s GDPR”. If you’re already GDPR compliant, you are mostly within the provisions of the LGPD.
5
LGPD goes into effect in August 2020.
Comprehensive Solution for California Consumer Protection Action
Comprehensive Solution for General Data Protection Regulation
Revolutionizing LGPD compliance through PrivacyOps
Suite of Schrems II Solutions to help controllers and processors respond to the operational challenges
Scan your Snowflakes instance to auto detect all personal & sensitive data stored in tables and schemas.
Analyze all objects stored in S3 buckets to auto detect all personal & sensitive data stored in them.
Scan your Microsoft OneDrive, SharePoint Online, and Outlook to find personal and sensitive data in files and attachments