BY Stephen Cavey | 24 February 2021
In late 2018, following in the footsteps of the European Union’s General Data Protection Regulation (GDPR) and other data privacy statutes, Brazil implemented Lei Geral de Proteção de Dados (LGPD). This May, the LGPD will come into full effect and companies will need to comply with its strict requirements regarding personal data and sensitive information. In this article, we’ll discuss the key differences between the LGPD and other privacy laws, and how your organization can ensure compliance.
As we covered on our blog when the LGPD was going into effect, it is a far-reaching data protection regulation intended to increase privacy and protect the data of Brazilian consumers. The key concept to understand is that the LGPD requires organizations to only process personal data for legitimate and clearly communicated purposes.
There are now several different data privacy acts around the globe, and they can be easy to confuse. Below we’ve outlined some key differences to know.
You can review GDPR guidelines in our blog here.
Businesses seeking to achieve LGPD compliance first need to understand the principles of processing data. These include having a purpose for processing, transparency, freedom in exercising rights, and free access to the information. To meet the legal basis for processing data, organizations need consent from the user and the fulfillment of a legal or regulatory obligation. This consent is narrowly defined; consent must be “free, informed and unambiguous.”
In addition, organizations need to understand a user’s rights under the LGPD. As we covered earlier, under the LGPD data subjects have the right to both access and deletion. Beyond the user rights are controller and processor obligations under the LGPD. These include responsibilities regarding cross-border data transfers, the appointment of a Data Protection Officer (DPO) and special involvement during security and data breaches. With transparency as a core principle, any agent involved in the processing of personal data needs to implement security, technical, and administrative measures.
For all organizations, the best place to start is with awareness. Awareness of what personal data resides on the servers of your organization will allow you to implement these policies and compliance measures to ensure you are aligned with the LGPD and any data privacy measure. A data discovery tool like Ground Labs Enterprise Recon Pro has the ability to quickly and accurately search across your entire data estate, find over 300 sensitive data types, and secure them properly. The solution is designed to find personal and sensitive data types (e.g., credit cards, passport numbers, driver’s licenses) so that you can discover, remediate, and report on data wherever it resides.
From there, organizations can start implementing new LGPD policies and protocols to safeguard this information and avoid any potential fines. As more privacy laws follow the lead of GDPR and the LGPD, the earlier companies take on personal and sensitive data discovery, the better prepared they will be to adhere to data privacy laws.
Ready to learn more? Discover more about our solution Enterprise Recon Pro here, or schedule a conversation with a data discovery expert.