Problems to be faced by legal entities due to the General Personal Data Protection Law (LGPDP)

Written by Laiz de Moraes Parra. 09.09.2019. Published in Articles

The lawmaker’s concern with the protection of personal data is not recent: the protection of privacy and private life is expressly listed among the fundamental guarantees of the Federal Constitution (Article 5, X, Federal Constitution), and indications with the same view appear, even if tenuously, in uncodified law, such as the Consumer Protection Code and the Internet Civil Mark.

However, the General Personal Data Protection Law – LGPDP, which will enter into force in 2020, will delimit other aspects of the theme, which is why companies need to go through an adaptation procedure in order to comply with the legal rules and avoid the future application of penalties.

LGPDP’s focus is transparency. It cannot be denied that personal data have great value attached, and that their owners often do not even imagine the destination of such personal content or the way it is used.

All private companies, institutions and Government Agencies must carry out the new directives established, regardless of their field of activity, so that data processing observes important guidelines.

The National Data Protection Authority – ANPD, instituted by Act No. 13.853/19, will be the Government Agency responsible for overseeing compliance with the law. It may request specific information about the scope and nature of the data and other details about the processing done, and may apply sanctions through an administrative procedure.

In cases of non-compliance with the rules, the sanctions may be fixed as a percentage of the company’s revenue, limited to fifty million reais per infraction, which is why it is necessary to establish the security and governance measures that are most adequate to the activities developed.

The penalties also include a warning, with an indication of the term for the adoption of corrective measures, a daily fine, blocking and elimination of data, and even the obligation to disclose the occurrence, making the infraction public.

Consent also appears as one of the central figures, being defined as the free, informed and unequivocal manifestation by which the owner agrees with the processing of their data for a specific end.

Also, for the cases in which consent is absent, the LGPDP indicates the legal bases that confer authorization for the processing of data. For example: when needed for the performance of an agreement, for the regular exercise of a right in a lawsuit, or for the protection of credit, among others (Article 7, LGPDP).

The requirement of consent is also waived for data manifestly made public by their owner or when used for the protection of life and health, for example. Consent may also be withdrawn at any time by means of an express manifestation of the owner.

In view of that, legal entities will certainly face concrete challenges with the implementation of the new data regulation, with the transformation of standards happening in a short period of time. It is important to keep in mind that the law does not protect only data obtained by digital means, but also physical records.

In any case, the law establishes that the activities involving personal data processing must observe good faith, with legitimate and compatible purposes, besides guaranteeing to the owners an easier consultation about the form and duration of the processing, with accurate and easily accessible information.

The risk of not adopting appropriate corporate measures is great, regardless of the area or activity, as acting in an irregular manner may bring unfavorable consequences.

In summary, the LGPDP constitutes extensive measures with the central intention of giving the owner of the personal data greater control over the flow of their data. Thus, considering the scenario ahead, reflection on the theme is needed, as the adjustment of standards will directly impact businesses.