“Data is the new oil.” This statement reflects much of the transformation the world has undergone in recent decades. With the increased use of the internet, relationships are increasingly being developed in this medium. As a result, personal data is constantly being transacted. This is where the need to apply the LGPD in practice came from.
In this article, you will learn about the General Data Protection Law and how it works. By continuing to read, you will learn what companies must do to comply with it, as well as the implications of not doing so. Are you interested in the information? Then continue reading!
How does LGPD work in practice?
Data protection law aims to protect sensitive personal information. In the not-so-distant past, Facebook was involved in a major scandal for allowing the data of 50 million users to be used without prior consent.
As a way to prevent further misuse of personal data by companies that store it, the National Data Protection Agency was created, initially through a provisional measure. It is the agency that will monitor compliance with the LGPD, so that no sensitive information is disclosed.
How to adapt to this new law?
Now that you know what the new law is about and how it works, let’s see how your company can adapt to it.
Analyze and study the principles of the LGPD
The guiding principle for the entire process will certainly be the LGPD itself, as it contains all the points that can be legally met. Ignorance of it will lead to errors in the process of implementing the new rules for data processing.
Therefore, it is important to know all the points applicable to the business in question. Understanding its basic principles, as well as how it works to capture and store data, is crucial to the success of the strategy.
Empower and invest in team awareness
It is no use for a company’s top management to simply know and apply the new rules listed in the law. The culture of compliance with processes must be spread among all employees in the organization.
This is important so that no one commits violations of the new legal provision. In the eyes of the law, it does not matter who the individual was who committed the error. The person eventually sued will always be the legal entity, since the employees are its representatives.
Perform data mapping
Knowing all personal data and how it is handled in your company, across all processes in all areas, is essential to comply with the LGPD. It is often necessary to change internal structures and processes to ensure greater organization and visibility of this information.
In a contractual relationship with a client or supplier, or even when simply hiring an employee, you are probably processing personal data. That is why it is extremely important to know where this data is stored, what its purpose is and for how long you should store it.
Learn about the legal bases of the LGPD and its applications
Legal bases are the hypotheses that the law provides to authorize the processing of personal data in various situations. There are 10 legal bases. It is important that each identified processing of personal data be associated with a legal basis. Otherwise, your company will probably be processing data illegally.
An example of a legal basis is consent, where the data subject clearly and objectively agrees that the company interested in the information may use their data for a specific purpose, such as offering products or services. Another example of a legal basis is legitimate interest. In this case, a company may use certain user information without asking for their consent, but must state the purpose of that data so that the data subject is aware and understands that it is necessary to collect that information.
Reinforce the security policy
The security policy is a vital point in the collection and protection of personal data. The more explanatory the policy is, the better. And these terms must be public. Everyone needs to know how their data is collected, the purpose for which it is used, who will have access, how long it will be retained and how it will be deleted after that period.
Whenever a user is asked to provide their data, these terms must be made available to them. This is the most transparent way to deal with the situation. It is also a way to position oneself in a market full of changes.
Appoint a Data Protection Officer
Every company must define a data officer who will be responsible for receiving complaints and communications from data subjects, providing clarifications and taking action, in addition to guiding employees regarding the practices adopted in relation to the LGPD.
The identity and contact details of the data protection officer must be made public, clearly and objectively.
What are the implications of not complying with LGPD?
Finally, it’s time to learn about the consequences if your company does not comply with the LGPD. Check it out!
Fines provided for in the LGPD
Among the penalties provided for in the LGPD for those who fail to comply with it is the application of a fine. And this is a considerable amount. The expected charge is 2% of revenue, up to a limit of R$50 million. As you can see, it is not at all healthy to disregard this law from a financial point of view, as it can disrupt the entire cash flow.
Furthermore, the financial loss may extend if the non-compliance has been going on for a longer period of time. A fine is applied for the number of days in which the violation occurred. In other words, the longer the law is violated, the greater the damage to the organization’s financial health.
Data deletion
If an organization uses customer data (properly) to guide its business, it is because this information has strategic value. Giving up on this can represent the complete downfall of a company. Therefore, this is definitely not something desirable.
This can happen if the law is not complied with. The collection, use, sharing or improper processing of customers’ personal data can result in the information being blocked or even deleted. Imagine the colossal loss for a company when an entire database of years is taken from its possession!
Loss of partners and customers
Good partnerships require adaptations to various practices considered ideal by the market. Having a good code of conduct is a good example of this. In this sense, it is quite likely that the best partners in the market will require proper handling of customer data in order to close a deal.
Similarly, customers tend to shop with companies they consider trustworthy. The processing of personal data will be a guide by which customers evaluate companies operating in the market. Failure to meet this requirement will certainly lead to problems in customer retention.
Personal data protection has become a hot topic for market participants. The issue has become so important that it has led to the creation of laws to ensure that information is properly stored. Applying the LGPD in practice is now mandatory for all companies that work with confidential customer and partner data. Recent cases of improper sharing of this information demonstrate that the need to address this issue is real.