Knowing the essential elements of the law is essential for every business professional , regardless of the area in which they work. This becomes more visible in times of major changes in legislation, which require companies to pay extra attention. And this is the case with the General Data Protection Law (LGPD) coming into effect in Brazil.
To prepare LIT students and also answer common questions on the subject, we held the LGPD Webinar , with the presence of Prof. Dr. Carlos Portugal Gouvêa , partner at PGLaw, master and doctor in Law from Harvard Law School.
What is the General Data Protection Law?
The professor began the conversation by answering a simple question that still raises doubts, especially in small and medium-sized companies.
“It provides for the processing of personal data, including in digital media, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom israel whatsapp data and privacy and the free development of the natural person’s personality.” (Art. 1, LGPD, Law 13,709/2018)
In other words, the law provides for regulations that are in line with international standards for the protection of data collected and processed, whether by an individual or a company. “The LGPD responds to a global demand for leveling the regulatory playing field on this subject, and is in line with laws such as the General Data Protection Regulation (GDPR), in force in the European Union since 2018,” explains Gouvêa.
Which companies will be affected?
All companies, whether public or private, are subject to the application of the LGPD. Among the most impacted, of course, are those that deal with their customers' data on a daily basis, such as the technology, e-commerce, insurance, etc. sectors. But the professor gives examples of data collection in the day-to-day of almost all sectors, such as resumes in a selection process or electronic timekeeping of employees.
Many large technology companies and startups already operate in Brazil in compliance with the GDPR rules, which will facilitate the process of adapting to the LGPD. “I see the positive side of this anticipation as the increased expectation of these companies regarding international expansion,” explains Gouvêa.
LGPD and the COVID-19 pandemic
The global economic crisis caused by the COVID-19 pandemic has brought about some important discussions about the use of data. Governments around the world are using information from telecommunications companies to monitor the population and thus control the necessary social distancing.
The professor cites as an extreme example the government action in Singapore, which has unrestricted access to its citizens' data, including preventing people from turning off their cell phones and the possibility of a fine for those who fail to comply with the rule.
In Brazil, the State of São Paulo created a Social Distancing Index using anonymized and aggregated data. And, regardless of the crisis, the LGPD already has sections that consider it not applicable in cases of public safety and accepts the processing of personal and sensitive data by health professionals and health authorities even without the consent of the data subject.
Next steps for companies
According to Serasa Experian , 85% of companies were not yet prepared for the LGPD in August 2019. Regardless of the current crisis, the law's effective date is approaching. The professor explains that, as many of the principles are derived from the Brazilian Constitution and the Consumer Protection Code, the change is important regardless of any deadline.