General Data Protection Act & #8211; LGPD and the categorization of “Personal Data”

By May 31, 2019 No Comments

By Raissa Ataide *

 General Data Protection Act (LGPD) & #8211; Current Context

THE General Data Protection Act (LGPD) 13.709/2018 aims to ensure the protection of personal data of users in any activity that requires this use, covering all actions taken digitally that are related to legal and natural persons.

Scandals involving leaks of personal information are currently linked primarily to misuse or malicious use of this data.

One factor that contributed to the approval of the Brazilian data protection law was the European regulation titled GDPR (General Data Protection Regulation). The regulation was approved by the European Union in May 2018 with global reach.

Many companies, including some Brazilian institutions that manipulate data from these citizens, have already been forced to adapt.

The purpose of Brazilian law is to regulate and ensure the effectiveness of the collection, storage, processing and sharing of information managed by organizations that travel throughout the national territory. Therefore, any knowledge that relates to a natural person and can identify him or her will have legal protection, providing for punishments for violations that could reach R$ 50 million (for infringement).

The LGPD was sanctioned by then-President Michel Temer in August 2018 to increase the privacy of sensitive data and to support regulators in overseeing organizations. The law comes into force from February 2020 and companies have up to 18 months to adapt the new rule with scope throughout the national territory.

 General Data Protection Act & #8211; Processing of Personal Data

According to Art. 6th the processing of personal data activities shall follow the principles of purpose, for specific purposes, adequacy and analogy of the processing in order to be informed to the holder, definition of the need, free access, data quality (guarantee, clarity, accuracy and etc.), transparency, security (providing technical and administrative measures aimed at protecting data from misuse, unlawful and accidental situations), non-discrimination (illegal or abusive use), accountability and accountability (adopting effective controls that evidence compliance with the requested requirements).

Those responsible for the processing and handling of personal data are appointed as controllers and operators, they should keep track of all activities performed during the evaluated methods and relevance.

 General Data Protection Act & #8211; Featured in the categorization of “Personal Data”

The General Data Protection Act separates into sections the nomenclatures related to the processing of personal data. The prescriptive occurs as follows:

  •  Sensitive: related to religiosity, gender, politics, ethnicity, party, trade union, religious, philosophical or political affiliation, among others. The treatment will only occur when the proprietor or legal guardian expresses his permission and may be indispensable to the legal / regulatory fulfillment or a specified purpose, according to Art.11.
  •  Children and Adolescents: Every individual under the age of 12 is referred to as a “child” by the Child and Adolescent Statute. These require extra caution because of their vulnerability and possible risks of abuse. In this case, consent will be sought from parents or guardians, if necessary to ensure the protection of the minor, or to contact the representative.

How we act 

THE [SAFEWAY] currently assists organizations by validating the level of adherence and maturity to the requirements of the General Data Protection Regulation (GDPR) and the General Data Protection Act (LGPD) by considering the business environment to which it is inserted and identifying the main action plans for the regulatory compliance, aiming at process improvements and gains for the organization.

Understand how Safeway addresses LGPD challenges

* Raissa Ataide is a Consultant at Safeway Consultoria.


Learn more about the LGPD:


Regarding the [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs.

During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!