What are the LGPD regulations?
The Lei Geral de Proteção de Dados or General Data Protection Law (LGPD) is a legal framework to regulate the collection and use of personal data. It came into effect in Brazil on August 16, 2020. The law was passed and will be enforced, by the Autoridade Nacional de Proteção de Dados or National Data Protection Authority (ANPD).
The LGPD is made up of 65 articles. Articles 17-22 deal with the rights of data subjects, those whose data is collected and/or processed, so mainly individuals or natural persons. The law contains unique definitions of personal data and their authorized uses that count on enforcement by the Brazilian Data Protection Authority (ANPD).
Why is the LGPD essential?
Brazil has over 140 million internet users. It is the largest internet market in Latin America and the fourth largest in the world in the number of users. Brazil already has more than forty legal norms at the federal level that in various ways deal with data protection and privacy, causing a crosswire legal framework. It empowers individuals with a streamlined set of rights. It also puts the responsibility on companies and organizations to appoint a Data Protection Officer (DPO) and establishes the Autoridade Nacional de Proteção de Dados (ANPD) with powers of supervision, guidance, and enforcement of its administrative sanctions.
Who and what falls under the purview of LGPD?
Per Article 3, the LGPD applies to any data processing that takes place in Brazil, for the purposes of offering goods and services or to process data, or people who are located in Brazil. The means of processing are not relevant.
Examples of personal data include basic identity data such as names, health, genetic & biometric data, web data such as IP addresses, personal email addresses, political opinions, and sexual orientation data.
Exceptions to personal data with examples include company registration numbers, generic company email addresses such as [email protected], and anonymized data.
In Article 3, it is defined that the LGPD applies to:
1. Data processing within the territory of Brazil,
2. Data processing of individuals who are within the territory of Brazil, regardless of where in the world the data processor is located,
3. Data processing of data collected in Brazil.
LGPD explicitly forbids the use of personal sensitive data. Sensitive personal data is defined as a subcategory to personal data and applies when the data processed concerns “racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data” (Article 5, II).
LGPD vs GDPR – the legal basis for the processing of data
- The LGPD differs only on the surface from the GDPR when it comes to its framework for what constitutes legal bases for the processing of data. Again, the LGPD and GDPR basically align, with minor variations.
- Sensitive data is – like in the GDPR – a separate category from personal data that includes data on race, ethnicity, religious beliefs, political convictions, health, sexuality, genetics, and biometrics. The restrictions for processing sensitive data in the LGPD are stricter than in the GDPR.
- The LGPD also institutes DPIAs but does not specify how these are to be used, nor does it lay out any requirements for notification of any supervisory authorities.
- LGPD makes it mandatory for companies to have a data protection officer (DPO), whereas this is only required in certain circumstances in the GDPR.
- Compared with the GDPR, the LGPD is much less severe in its abilities to fine and penalize violations and non-compliance.
How is BizProspex compliant with the LGPD regulations?
BizProspex, being the leading services provider in the business, understands the requirements and responsibilities of delivering legitimate and accurate data. We stand out as global leaders when it comes to CRM cleaning, Data appending, Data mining, Tech install, Data Merging, and Data Deduping for B2B clients. We aim at supplying our clients with public data scraping of the highest quality to boost your sales numbers. At BizProspex, we focus on becoming the partner your organization needs to survive, and in the long run, thrive. By understanding what your company’s needs are, we’re prepared to bring you solutions with legitimacy that truly make a difference. We are one of the Best LGPD Compliant Data Service Providers worldwide and we are known for our capabilities to make complex things easy for business people and help them understand the key needs.
Data Protection Impact Assessment (DPIA)
LGPD is inspired by the reputed GDPR framework. Hence it also incorporates the Data Protection Impact Assessment policies as an important and functional section of the LGDP legislation.
We take necessary steps (Data Protection Impact Assessment) to ensure that the LGPD requirements are seamlessly met with (Art 38),
- By conducting an assessment of the data protection risks associated with any new project and initiating a plan to mitigate those risks.
- By assessing and implementing the LGDP compliance to existing or pre-dated data protection plans.
- By initiating and executing an immediate mitigation plan to address any gaps or risks posed in delivering our data services.
- We make sure that we regularly review our information and privacy policies and measures and, where necessary, improve them.
- We ensure that any data processor we use also implements appropriate technical and organizational measures.
We claim the highest standards of work ethics with utmost obedience to laws that we are subject to. All the pre-scraped public data that we collect and the process is done so with the contractual consent of our customers under the scope of the LGPD regulatory framework. At BizProspex our compliance and audit experts work tirelessly to make sure all the right compliance controls are in place when it comes to data.
Disclaimer: The information on this page is being provided for information purposes regarding the operations of BizProspex within the legal ambit. Information contained on or made available herein is not intended to and does not constitute legal advice, recommendations, mediation, or counseling under any circumstance. The use thereof does not create any attorney-client relationship. Do not act or rely on any information provided herein without seeking the advice of attorney licensed to practice for your particular business.