Control over personal data is a right of every human being and, therefore, the processing of this data must consider the consent of the holder.
The LGPD brazilian law (Lei Geral de Proteção de Dados Pessoais, Law No. 13.709/2018) guarantees important definitions to ensure privacy, establishing a new structure to handle and protect personal data.
The controller is defined, according to the LGPD, as a natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data.
This means that the controller is the company or person who coordinates and defines how the personal data will be treated, from collection to elimination. Precisely for this reason, it is on who is most responsible for this treatment.
Policies should consider actions within the data lifecycle, such as:
Collect
Production
Reception
Classification
Use
Access
Reproduction
Streaming
Distribution
Processing
Archiving
Storage
Modification
Communication
Transfer
Diffusion or extraction
Elimination
The LGPD defines the operator as a natural or legal person, governed by public or private law, who processes personal data on behalf of the controller – processes personal data under the orders and policies of the controller.
Therefore, the operator must carry out the processing of data in accordance with the guidelines of the controller which, in turn, is based on the guidelines of the law.
According to the LGPD, DPO represents the person/entity, appointed by the controller and operator, to act as the communication channel between the controller, the owner of personal data and the Brazilian National Data Protection Authority (ANPD).
The person in charge is known as DPO (Data Protection Officer), acting independently to technically guide and support corporate decisions so that they comply with personal data protection legislation, in addition to acting as a contact channel between controller, operator, holder and , eventually, ANPD.
The National Data Protection Authority (ANPD) is an organ of the public administration in Brazil, being the body responsible for monitoring compliance with the LGPD, imposing fines and sanctions and creating guidelines and guidelines on the law.
These are the guiding principles to allow the LGPD to be duly respected.
These are legal definitions that determine the LGPD’s hypotheses of how the processing of personal data should be applied to any stage of the life cycle of this data, from collection to disposal, in addition to the rights of the holder in relation to their own data.
Security policies must be duly adopted by every company to ensure that processes, practices and tools guarantee the security of personal data during its treatment.
The LGPD provides for people’s control over their own information. This means that the owner of the data (holder) may ask a company to identify the use, alteration, anonymization or deletion of the data it holds about the holder, among other rights and guarantees.
An obligation prove the measures taken in relation to compliance with the LGPD, in addition to the full functioning of continued provision to the holder, through the DPO.
Personal data is any and all information that can uniquely identify a person. In Brazil, for example, we could cite the CPF or RG – these are just examples since any data that uniquely identifies a person will be considered personal data.
It is any data of discriminatory potential, such as racial or ethnic origin, religious conviction, political opinion, religious, philosophical or political affiliation, data relating to health or sex life and genetic or biometric data.
The LGPD indicates the anonymized data as being the one that, originally, was related to a person, but that went through stages that ensured the untying, making it impossible to uniquely identify that respective person.
The LGPD indicates the pseudo-anonymized data as the one that, by path reconstruction, allows the identification of the holder again. An example could be encoded data (temporary removal of the holder’s identification) but , if decoded, could generate this respective identification again.
It is data that, on its own initiative or legal obligation, has been made publicly available.
It is the natural person to whom the personal data refers.
Treatment indicates the operations involved in the operation of the data, from collection to disposal. The LGPD stipulates rules for actions to process this data.
Over the past few months, our teams have been working to ensure our full alignment with the LGPD. Always aiming to ensure the correct handling of data and the consequent compliance with the privacy of personal data, policies have been duly established and implemented.
See more about our personal data privacy policy clicking here.
If you want to know the most frequently asked questions about the LGPD, click here.
Copyright © 2023. All rights reserved
CNPJ: 07.566.016/0001-05 – ILINK SOLUTIONS SERVICOS DE TECNOLOGIA DA INFORMACAO LTDA
