What is LGPD?

General Data Protection Law (Law No. 13,708/18), already in force and which, as of August 2021, through the action of the National Data Protection Authority (ANPD) will apply administrative sanctions to those who do not adapt to this new reality.

Regulates activities involving data processing, that is, any operation carried out with personal data such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control information, modification, communication, transfer, dissemination or extraction.

It refers not only to data collected from now, but to data already stored in the past, whether digital or physical. Thus, a major restructuring is essential to enable this correct adjustment.

Who are the agents?

What are the data?

Personal data: information capable of identifying the natural person. Data such as name, surname, RG, CPF and residential address are considered personal.

Sensitive personal data: information about prejudiced or discriminatory potential. Data on political opinion, racial or ethnic origin, religious belief, genetic or biometric data are examples.

Data anonymization: information in which the holder cannot be identified and, therefore, not applicable to the LDPD.

Sanctions?

Fine of 2% of the legal entity's revenue, which can reach up to 50 million reais per infraction; Daily fine of up to 50 million reais; Blocking and even deletion of personal data that are being treated incorrectly; Suspension of the database for up to 6 months, which can be extended for another 6 months; Partial or total ban on activities involving data processing; Advertising of the infringing company.