Brazilian LGPD will come into force: Is your company prepared?
After many comings and goings, as well as several discussions on the topic, the LGPD is expected to come into force in a near future.
Thus, from that date, companies need to be in compliance with the rules and duties brought by the LGPD.
In summary, the LGPD:
- Regulates the processing of data related to individuals only (whether they are employees, candidates to a position, customers, partners, service providers, suppliers, etc.);
- It applies regardless of the means and/or form of data processing, that is, it imposes rules on data processing carried out inside or outside the internet, using or not digital means;
- It applies to treatment operations that occur in the Brazilian territory, but also to treatment operations that occur outside the country, when:
- Personal data is collected in Brazil;
- The data are related to individuals located in the Brazilian territory;
- Its purpose is to offer products and/or services to the Brazilian public.
Basically, the processing of personal data can occur:
- Upon consent;
- To comply with legal or regulatory obligations;
- By the public administration;
- For carrying out studies by research bodies;
- When necessary for the execution of the contract;
- For the regular exercise of rights in judicial, administrative or arbitral proceedings;
- For the protection of life or physical safety of the holder or third party;
- For the protection of health;
- When necessary to serve the legitimate interests of the controller or third party;
- For credit protection.
Thus, the company must implement practices and routines to be in compliance with the LGPD, in order to avoid data leakage and the application of sanctions/penalties for non-compliance with the law.
It is a very complex and delicate topic, but it needs to be fully understood so that its implementation and compliance are adequate.
Our Labor Team remains at your disposal to clarify any doubts.