Personal Data Protection Law: what it is and how to prepare your company to comply with it

In a world where people are increasingly hyperconnected and relationships are increasingly digital, personal data security has become a hot-button issue. The confidentiality of information such as name, documents, address, telephone number and even consumer preferences has become an issue to be considered and debated. Thinking about the security of personal data, the LGPD (General Law for the Protection of Personal Data – Law No. 13.709/18) was passed in Brazil in 2018, establishing a series of procedures for any individual or corporation that collects, processes, sorts, stores, deletes, transfers and shares personal data and information.

As of this August, companies of all types and sizes need to adapt their procedures to comply the law and will be subject to inspections and fines in case of non-compliance – that includes small businesses that keep customer files to send direct mail of their sales and offerings, as well as big banks and financial institutions, which maintain a detailed archive of user information.

Nowadays, it is not uncommon to receive phone calls or emails with offers and proposals from totally unknown senders or sources with whom you might have registered, but never authorized to send you advertisement. The General Law for the Protection of Personal Data clearly establishes that, especially for business purposes, customer data can only be processed with consent from the data subject.

The law covers a wide range of situations, which go beyond the well-known cases of data selling, when a company sells its database to another for purposes that are entirely different from the original. The law provides more security both to consumers, who will not have their data disclosed, and the company, as it makes it harder for employees to copy and share data with others.

The Law also ensures the right to compensation when the processing of data results in damage to its subject or third parties, in addition to a series of penalties to companies, ranging from the deadline for correction of problems to a fine of 2% of its revenues, and could reach R$ 50 million, depending on the degree of the violation.

In other words, to protect themselves from penalties and ensure compliance with the LGPD, companies need to invest in a new digital compliance policy and a framework to manage the proper use of their customers’ data.

The first step towards compliance is to run a readiness diagnosis for the LGPD, which means checking their databases and how they are being used. Nowadays, it is estimated that only 30% of Brazilian companies of all sizes are ready to comply with the law. Companies need to equip IT and legal professionals with the proper tools to make the assessment, check all the databases that may contain personal data, find the gaps, identify the possible problems and the points in which the Law is not being complied with and only then to set up a group or a committee to manage the necessary changes and to manage events and crises involving data privacy breaches.

That is, it is necessary to map out every process before making the right recommendations for actions to take and how to adapt. These recommendations can be technical, such as process changes, updating information security policies, or even legal, such as rewriting customer agreements.

There are those who think that “we can deal with it when August comes,” but it is important to note that this process takes time and depending on the number of non-compliances found, there is not enough time to meet the requirements of the law, which leaves the company at a high risk for penalties.

About – Augmented Intelligence

Belonging to the Innovatech Group, offers consulting services and develops solutions based on data science, artificial intelligence and business process automation (RPA).

The business purpose of is to provide customized solutions capable of reducing costs and improving the experience of our clients’ customers through the application of data science and intelligent process automation, where we automate not only repetitive tasks, but also integration between systems, using unstructured data and generating insights and predictions for making business decisions.

The solutions of can be applied in small to large companies, in business processes that are common to all financial, administrative, customer service, human resources and IT companies, among others.