The law brought points Also the organization itself. Even though it is already in force. There are still doubts about the subject. After all. We are talking about a very comprehensive standard. With rules and concepts that make it difficult to understand and apply. Therefore. With the aim of helping you take this standard from paper and turn it into reality.
We have listed the 10 points that every company
In the digital age needs to understand. Continue reading and find out what these points are! 1. The whatsapp lead is valid throughout the country as it is a federal law . The lgpd applies throughout the country. This means that. Since september 2020. All companies operating in brazil (whether public or private) must comply with the rules set out in the legislation. 2.
The user must authorize the company to use their personal data The law brought points
One of the foundations of the lgpd is consent . In practice. This means that whenever a give recipients the opportunity to respond collects and uses data from citizens. It needs their consent. Therefore. Data processing must be informed and authorized by the data subject. 3. The purpose and need for the data must be clear in addition to authorizing the use of their data.
The individual must be informed of the purposes of such use
In other words. The company. Whether in physical or digital form. Must clearly explain to the citizen how it will use their information. 4. Data of minors is also protected as a rule. Data from minors can be used. However. At least one of the parents or legal guardians must authorize the procedure. Furthermore. The data controller is obliged to make all reasonable efforts to ensure that consent has in fact been given by the person responsible.
5. Lgpd covers foreign companies all companies
Whether national or foreign. That operate in brazil and handle personal data of individuals are subject to beb directory rules set forth in the lgpd. Furthermore. The fact that the organization is only headquartered abroad does not eliminate this legal obligation. 6. It is possible to share data with other countries the lgpd provides for the possibility of sharing personal data with other countries and international organizations.
However. This sharing is only lawful when carried out
Through secure protocols and when the destination country has similar protective legislation. 7. It is mandatory to invest in risk and failure management as the objective of the lgpd is to make the processing of personal data safer and more transparent. The standard requires companies to invest in risk and failure management. Which involves. For example: develop governance and compliance standards; implement measures to prevent security risks; apply good practices and certifications existing in the market; develop contingency plans; perform audits; resolve incidents efficiently and quickly; finally.