Skip to main content

THE General Data Protection Act came into force in September 2020 to regulate companies' use of personal data and create clear rules on how organizations should collect, store and share user information.

With the new law in place, people will have more control over the processing of their personal data, and may require clarification on how companies use this information.

In order to understand a little more about these adjustments, we at Safeway invite the specialist and founding partner, Adriano Mendes, gives Assis Mendes Advogados, an office specialized in Digital, Corporate and Data Protection Law to clarify some doubts about the law and how companies can adapt.

Adriano, how can legal advice help IT companies to adapt to the new law?

We, at Assis Mendes, have been specialists in LGPD since 2017, and we develop customized solutions to help each company adapt its services and products. Our main function is to make organizations understand which points of the law can affect their business and how it is possible protect sensitive data in the work environment.

What are the security principles presented by the law?

I will enumerate the three main ones: the first is reliability, because it is necessary that these personal data are preserved, then integrity, which concerns security during the useful life of that data, and finally, availability, ensuring that information is always available to users.

You mentioned about integrity ... how can companies guarantee the security of personal data throughout the cycle?

In addition to adapting internal processes, limiting staff access and having secure software, companies can adopt Privacy By Design. This concept emerged in 2010 and is based on the principle that data security should be a priority in the development of projects, products and services. As a complement, it is also worth following the principles of Privacy by Default, ensuring that the user is informed about the purpose of the information collected, being able to disable or not its use.

What is the main measure that companies should take now?

Companies can invest in information technology, specifically, information security resources, the famous “IT Security”, Software that allows managing the workflow of employees and being able to detect possible threats.

You mentioned IT Security features. What resources would be most used?

The biggest concern so far is with cyber attacks and their fines that can be imposed as a result of the data leak or misuse. Therefore, I have noticed heavy investments in cloud computing, since this technology allows data to be stored safely in hybrid environments and does not require huge changes in the business infrastructure.

About the dfailure to comply with the law, what penalties are companies subject to?

The penalties are very serious! Companies that break the law may experience interruption in all activities that use user data and fines can reach up to 50 million reais. Without a doubt, the best solution is to adapt.

 Adriano, to end our chat ... about the execution of the adjustments in the company, do you consider it important to hire a DPO?

Article 41 of the law provides for someone to be appointed to look after personal data. In addition to ensuring this information, the person in charge must guide the other employees, receive criticisms of the data titles, provide clarifications and answer the law's regulatory authorities, however, the DPO it may be someone who is already a company employee. Assis e Mendes is also well prepared to guide this DPO.

To obtain legal advice on the LGPD compliance process, talk to the experts Assis and Mendes!

 * Adriano Mendes is  Lawyer specialized in Digital Law, Technology and Business. Founding partner of ASSIS E MENDES Advogados (assisemendes.com.br), acts on issues involving Protection of Personal Data and the legal developments of technology in Brazilian law. He has courses and specializations in Brazil and abroad. He was a professor of Ethics, Law and Legislation and currently lectures on business and legal technology issues.