1) What is LGPD?

It is Law 13,709 of August 14, 2018, better known as the General Personal Data Protection Law (LGPD), which came into force on September 18, 2020.


2) Why comply with the LGPD?

Competitive advantage and prominence in the business world are consequences of LGPD compliance. The adaptation of business activities to legislation makes it possible to contract with third parties and develop business, since many companies and the public sector now demand it. Consumers increasingly value their personal data, often opting for companies that ensure their protection. It is no wonder that the growth of marketing and advertising measures in this sense, broadcast during prime time on Brazilian television and by other very popular means.

In addition, non-compliance with the LGPD may result in the application of administrative sanctions by the National Data Protection Authority, such as a warning, a fine of up to 2% on billing, limited to R $ 50,000,000.00, which may result in suspension or total stoppage of activities. In addition, other measures may be taken by consumer protection agencies, the Public Prosecutor’s Office or other competent authorities, and it is also possible to bring legal measures directly by the holders of personal data or by entities that represent them.


3) What is the purpose of the LGPD?

The LGPD has among its foundations, free initiative, free competition, economic and technological development, freedom of expression, respect for privacy, free development of personality and informational self-determination. Therefore, the LGPD does not prevent or prevent any economic activity, but imposes the need and obey some rules for its development, when such economic activity has to, in some way, make use of or deal with personal data. The LGPD also aims to ensure that individuals have greater control and knowledge about what is done with their data.

“Treatment of personal data” means any and all activities carried out with personal data.

The LGPD, therefore, regulates any and all personal data processing activities, carried out in physical and digital environments, imposing duties, establishing rights and sanctions, in case of non-compliance.


4) What is personal data?

It is any information that identifies a natural person or makes it identifiable. This includes right personal data, such as RG, CPF, name, and indirect personal data, such as that which together and depending on the context, can make a person identifiable. Therefore, a careful analysis is recommended to identify whether or not there is any activity of processing personal data in your business.


5) When does LGPD apply?

The LGPD applies to individuals, legal entities under public or private law, regardless of size, number of employees or type of business, when the activity of processing personal data is carried out in the national territory. It also applies to the offer of products or services in the national territory and for those activities carried out with personal data of individuals located in the national territory or with data collected in the national territory.

The LGPD is not a law aimed exclusively at activities carried out on the Internet or technology companies. Therefore, the LGPD also applies to the most traditional businesses, for example, in the relationship between employer and employee, supplier and consumer and even between suppliers, when personal data is present.



6) When does the LGPD not apply?

The LGPD does not apply to activities carried out by a natural person for exclusively private and non-economic purposes. Nor does it apply for exclusively journalistic, artistic and academic purposes and for activities carried out by the State for the purposes of public security, national defense, investigations or prosecution of criminal offenses.


7) When does the LGPD authorize the processing of personal data?

The LGPD provides, as a rule, ten hypotheses in which the processing of personal data can be carried out. The definition of which of the hypotheses best fits the actual situation and a determined purpose, which must be previously established, requires a careful analysis to ensure the proper compliance with the law.

The processing of personal data may be carried out when: i) there is the consent of the holder; ii) to comply with a legal or regulatory obligation; iii) by the public administration, for the execution of public policies; iv) for carrying out studies by a research body; v) for the execution of the contract and preliminary procedures; vi) for the regular exercise of rights in judicial, administrative or arbitration proceedings; vii) for the protection of the life or physical safety of the holder or third party; viii) for the protection of health; ix) to meet legitimate interests and x) for credit protection.


8) What is the first step towards LGPD compliance?

The adaptation of economic or business activities to the LGPD requires the performance of specialists, together with the parties involved. Among other activities, the work to adapt to the LGPD involves the presentation of the project, the main concepts and awareness of everyone about the relevance of the theme for the continuity and development of the business. It is also necessary to identify and analyze the internal activities to assess compliance and suitability to the requirements established by the LGPD, as well as the definition of procedures for meeting the rights of the holders, reviewing or drafting contracts, internal and external policies and records of activities , in addition to the appointment of a person in charge of dealing directly with the matter, serving as a channel of communication between the holders and the National Authority for the Protection of Personal Data (ANPD).

Once in compliance, reviewing procedures, evaluating new business, promoting training is always recommended to maintain activities within the parameters established by the LGPD.


Welcome! Please write your message here and we will contact you shortly. Thank you!

Start typing and press Enter to search