GDPR is the acronym for the General Data Protection Law of Brazil, enacted in August 2018. The GDPR rules on the collection, storage, treatment and sharing of personal data, imposing more protection and penalties for non-compliance With regard to the policy of data usage policies, the current situation highlights the emergence of new global trends and global changes in the legal systems of many countries, with a focus on establishing clear privacy and security guidelines. In Brazil, this trend is also developing. After eight years of debates and essays, on August 14, 2018, the President of the Brazil, Michel Temer, signed the General Data Protection Law of Brazil (LGPD), which is Law 13.709 / 2018. The law entered into effective in September 2020, allowing companies and schools to have an 18-month adaptation period. With the LGPD, the country joined 120 countries with special personal data protection laws. The new law will fill a gap to replace and / or complement a structure of the more than 40 legal instruments that regulate the use of data in the country today. The GDPR (General Data Protection Regulation) came into force last year and regulates the regulations of European countries. This is the most important recent legislation on data privacy and has become a model for many countries to adopt existing regulations or strengthen as existing policies.

What does the GDPR say? In accordance with European regulations, the LGPD establishes clear rules on the collection, storage, processing and sharing of personal data, changes the organization's operation and operating methods and will impose higher standards of protection and severe penalties for violations. The law refers to "personal data", which refers to any information related to an identified or identifiable natural person, and "data processing" refers to any operation performed on personal data, such as collection, classification, use, access, copying, processing and operations related to storage, disposal, information control, etc. Legal bases for data processing The collection and processing of data must comply with the legal foundations provided for by law. The new text brings nine hypotheses that legalize data processing, focusing on two main hypotheses: consent and legal rights. The explicit consent of the data subject must be obtained, that is, the consent must be informed and given freely so that consumers can actively choose whether they want to participate. Another assumption to authorize the use of data is the legitimate interest of the controller, which can facilitate the processing of personal data for legitimate purposes based on specific circumstances

Principles of LGPD The law lists ten principles that organizations must comply with in data processing, with a focus on purpose, adequacy, necessity and transparency. According to these principles, public and private organizations with a culture of accumulating data before knowing how to process it will undergo a change in mentality. The LGPD opposes this habit and believes that data collection should be limited to useful content that directly interacts with consumers. Therefore, data collection must be sufficient, relevant and limited to the minimum relevant for the purpose of processing.

Who are the actors involved? The law details the roles of four different agents: the titleholder, the controller, the operator and the person in charge. The holder: is the natural person to whom the personal data refer. The controller is the company or individual that collects personal data and makes all decisions regarding the form and purpose of processing the data. The controller is responsible for how the data is collected, what it is being used for and how long it will be stored for. Operator: is the company or individual that carries out the processing and processing of personal data under the orders of the controller.

The person in charge is the individual indicated by the controller and who acts as a communication channel between the parties (controller, owners and national authority), in addition to guiding the controller employees on data processing practices. * LGPD promotes stricter standards for the protection of your data, but is not responsible for data inserted in "untrusted" sites, thus putting your data to vulnerabilities and leaks, such as; Name, phone, email, passwords, photos and credit card details So, did you like our tips? Be sure to use our tips in your projects and most importantly, do not limit yourself, this process with sales funnel can have the extension you want, always innovating and proposing new products is how you get the results. Be sure to contact our team, in case of doubt, contact us, we would like to be able to help you towards success.
Cheers, Thiago R.