
São Paulo/SP – August 29, 2022.

By Daniel Medrado

Databases are commonly used by companies in different fields and markets, supporting various operations within their businesses. There is a growing need for greater control and management of the data handled every day, both for better organization and to ensure that mechanisms and processes exist to secure these resources.

The keyword “data” is directly tied to the LGPD (General Data Protection Law, 13.709/18), which establishes rules and requirements for the processing of personal data. When a company stores personal information about its customers, employees, suppliers and partners in its infrastructure and databases, it is essential that it does so in accordance with the requirements set out in the Law, both to make its operations more secure and to avoid the fines and penalties the regulation provides for.

Database Definition

A database is a set of structured information that supports the operations of a particular company. Databases are usually built on software such as MySQL, MariaDB or MongoDB. They are also used to represent data analytically and support strategic decisions. The data is usually stored either on cloud servers or on locally installed physical servers.

Definition of personal data and sensitive personal data

According to the LGPD, personal data is any information that can directly or indirectly identify a person, such as: name, RG, CPF, gender, date and place of birth, telephone, residential address, GPS location, photographic portrait, health records, bank card, income, payment history, consumption habits, leisure preferences, IP address and cookies. Within personal data there is also sensitive personal data, that is, data capable of exposing an individual to discrimination, such as racial or ethnic origin, health or sex life, and genetic or biometric data.

Databases and the LGPD

Because of the LGPD, companies need to implement changes in order to meet the requirements of the law. Some of these requirements are:

  • Data collection must be clear to the customer, that is, which data will be needed to perform the operation;
  • The company must notify the customer when it is collecting personal data or cookies;
  • The company must make clear the purpose for which the collected data is used, explaining briefly or in a document how that data will support the operation or why it is needed;
  • Collect as little data as possible: the company should always aim to collect the minimum of personal information, only what has a justified use;
  • Implement a tool that obtains user consent for the processing of personal data, unless the data is collected for legal purposes;
  • Assign an agent responsible for the personal data collected through the database;
  • The database must classify the information collected;
  • Provide the database with a tool to dispose of data that is no longer used;
  • Distinguish personal data from sensitive personal data for each item of data collected.

Beyond compliance itself, what other reason is there to comply with the GDPR?

A study carried out by Cisco in 2020 with more than 2,800 information security professionals working in organizations of different sizes in 13 countries found that organizations that updated their tools and operations for data handling and privacy obtained a financial return 2.7 times greater. Given the many attacks and the public's growing concern about where its data goes, companies that adapt and demonstrate this responsibility gain a competitive advantage in the market, offering their customers greater security and trust.

— Daniel Medrado is an Information Security Consultant at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated many successful projects that have earned us credibility and prominence with our clients, many of whom are among the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, for the certification of operations, services or companies against the ISO 27001, ISO 20000 or ISO 22301 standards.

To support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] offers in its portfolio of services the Cybersecurity Health Check, whose objective is to diagnose the Cybersecurity, Information Security and Data Privacy controls implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, the information security and privacy risks of internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization in order to raise the level of maturity and compliance, in line with good information security practices. If you would like more information, contact one of our experts!