The General Data Protection Law (LGPD) came into force on Friday (18), making Brazil one of the 101 nations in the world to have specific and well-defined rules related to the processing of personal data of Brazilian citizens or those who are in the country.
The LGPD characterizes the treatment of data as any operation performed with personal data, from its collection, through use and storage, among others, to distribution, modification and exclusion.
The law also establishes a series of aspects related to the data, such as its categorization, besides giving more autonomy to its holders, considering hypotheses of collection and treatment, detailing special conditions for sensitive data, defining the obligations of private companies and public agencies, as well as as punishments in case of non-compliance with the legislation.
The LGPD also provides for the creation of the National Data Protection Authority (ANPD), a body linked to the federal government, which will be in charge of supervising the application of the law and applying sanctions to those who disrespect it. At the moment, the agency does not yet exist.
How will you be affected by the law?
The LGPD will allow us, as ordinary users and owners of our data, to have much more control over the treatment of this information.
Within the scope of personal data, there are those considered “sensitive”, which contain information that can be used in possible forms of discrimination, such as racial or ethnic origin, religious beliefs, political opinions, health or sexual life.
All activities carried out, involving data from Brazilian people or who are in the country, are subject to the law. Exceptions include cases of information obtained by the State for public security, national defense and investigation and prosecution of criminal offenses, in addition to those related to exclusively private and non-economic, journalistic, artistic and academic purposes.
The rights of the holders include full control over what is collected, by whom, how and how it will be used, for how long it will be stored, in addition to revoking the consent of use and / or sharing, as well as requiring that the data be updated and / or excluded.
Service platforms on the internet, for example, will have to request users’ consent and inform them how their data will be used, if it will be shared and for what purpose.