
By Daiana Baldi


The General Data Protection Law (LGPD), Law 13.709/18, aims to establish clear rules for the processing of personal data. The objective is to guarantee the individual's right to privacy, since individuals will have more detail about how their data is processed and where it goes.

Since its publication and entry into force, companies of all sizes and markets have started to develop strategies to comply and avoid the sanctions it provides for. Within such a strategy, it is essential to observe the principles that the regulation establishes to support personal data processing activities. The purpose of this article is…


In Art. 6, the Law lists 10 principles that should guide the processing of personal data. Understanding of and compliance with these principles serve as the reference for determining whether the company is processing personal data properly. The principles are detailed below:

1 – Purpose: processing for legitimate purposes, with a specific and clear objective, informed to the data subject.

2 – Adequacy: processing compatible with the purpose informed to the data subject.

3 – Necessity: use only relevant data, limited to the minimum necessary to meet the purpose.

4 – Free access: guarantee the integrity of data subjects' personal data, in addition to facilitated and free access to information on the form and duration of its processing.

5 – Data quality: guarantee data subjects that the data are relevant, accurate, clear and updated with the information necessary to fulfill the purpose.

6 – Transparency: guarantee data subjects accessible, accurate and clear information about the processing of data and the respective processing agents, while respecting commercial and industrial secrets.

7 – Security: use technical or administrative measures to protect data from accidental acts, unauthorized access or unlawful destruction, loss, alteration, communication or dissemination.

8 – Prevention: adopt preventive measures to mitigate the risks of damage due to the processing of personal data.

9 – Non-discrimination: processing may not be carried out for unlawful or abusive discriminatory purposes.

10 – Responsibility and accountability: demonstration and proof by the agent that data protection standards have been complied with and that the measures adopted are effective.

Final considerations:

The main objective of the LGPD is therefore to protect the personal data of natural persons, that is, of individuals. It is a law that upholds the fundamental rights of freedom and privacy with respect to an individual's personal data.

It is very important for companies to adapt to the LGPD, because the penalties for non-compliance are far from pleasant. A company may face a total or partial ban on activities involving data processing and fines of varying amounts (up to R$50 million), and, depending on the situation the company is in, it may even go bankrupt.

— Daiana Baldi is GRC, Privacy and Information Security at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

To support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to diagnose the state of Cybersecurity, Information Security and Data Privacy implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, risks associated with information security and privacy in internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, please contact one of our experts.