Comply with Brazil's LGPD effectively and efficiently

Brazil LGPD (Lei Geral de Proteção de Dados Pessoais)

Brazil's General Data Protection Law (LGPD) sets standards for managing privacy and protecting personal data, and imposes significant compliance obligations on companies that process and handle personal data or offer services to individuals in Brazil.

The law came into effect on August 27, 2020. It introduces nine data subject rights, defines what personal data is, and sets out ten legal bases for processing that data.

Mandatly's solution helps automate and effectively operationalize an LGPD compliance program to meet the regulatory requirements of the Agência Nacional de Proteção de Dados (ANPD).

Key LGPD Requirements

  • Privacy risk assessments
  • Personal data inventory and mapping
  • Maintain a record of processing activities
  • Apply the Privacy by Design methodology
  • Respond to data subject access requests

Do you know the difference between LGPD and GDPR?

Download this whitepaper to know more about the key differences between the provisions of Brazil’s Lei Geral de Proteção de Dados (LGPD) and the General Data Protection Regulation (GDPR). Although both laws are comprehensive regarding personal, material, and territorial scope, there are a few important differences between the two laws.

How can Mandatly help you comply with the LGPD?

Mandatly understands the challenges of operationalizing a privacy compliance program and offers a flexible, configurable software solution.

  • PIA / DPIA Assessments: Intelligently designed to uncover and mitigate the privacy risks associated with the processing of personal data.
  • Data Inventory and Mapping: Gain full visibility into personal data across your organization and maintain a record of data processing activities.
  • Data Discovery: Automatically discover personal data using API integration across multiple data sources, and predefined questionnaires to gain visibility into data transfers.
  • Data Subject Rights (DSR): End-to-end data subject portal fulfillment solution with automated identity verification and data discovery to fulfill requests in a timely, secure, and efficient manner.
  • Enforce Privacy by Design: Run Privacy by Design assessments for newly created projects associated with applications, products, services, or other changes related to your business processes.
  • Analytics: Reporting capabilities are built into the system to provide a holistic view of the compliance program for the different stakeholders.

Start with our forever free edition

No credit card required

Launch your LGPD compliance plan today for a secure tomorrow.

FAQs

What is LGPD, and how does it impact businesses operating in Brazil?

The Lei Geral de Proteção de Dados (LGPD) is the Brazilian General Data Protection Law. It is a statutory law that governs data protection and privacy in the Federative Republic of Brazil. The LGPD aims to unify various Brazilian laws related to the processing of personal data and is designed to protect fundamental rights such as freedom, privacy, and the free development of an individual’s personality.

Businesses in all sectors are going to have to adjust and adapt their data collection practices to Brazil’s LGPD.

Who is affected by LGPD, and what types of businesses need to comply?

The LGPD applies to any individual or organization, private or public, regardless of residency, that is collecting or processing personal data in Brazil, or intending to offer or provide goods or services to individuals in Brazil. This means companies of all sizes must comply with the LGPD.

What are the key principles and requirements of LGPD that businesses need to follow?

The Lei Geral de Proteção de Dados (LGPD) outlines the following 10 principles for processing personal data:

  • Purpose: Data processing must have a clear and legitimate purpose, and it should be informed to the data subject.
  • Adequacy: The processing should be relevant and limited to what is necessary for the intended purpose.
  • Necessity: The data processing should be essential for the purpose it was collected.
  • Free Access: Data subjects have the right to access their personal data easily and without unreasonable barriers.
  • Data Quality: Organizations must ensure the accuracy, clarity, relevance, and updated status of the processed data.
  • Transparency: Data controllers must provide clear, understandable information about the processing activities.
  • Security: Adequate security measures must be implemented to protect personal data from unauthorized access and breaches.
  • Prevention: Proactive measures should be taken to prevent potential harm resulting from data processing.
  • Non-Discrimination: Data processing should not lead to discriminatory practices against the data subject.
  • Accountability: Data controllers are responsible for demonstrating compliance with the principles and for adopting effective measures to ensure data protection.

What steps can businesses take to ensure LGPD compliance?

Designate a DPO, especially for larger organizations or those processing sensitive data.

  1. Identify and document all personal data collected, processed, and stored.
  2. Maintain detailed records of data processing activities, ensuring accountability and compliance documentation.
  3. Determine the legal basis for data processing and obtain explicit consent from data subjects when required.
  4. Update privacy policies and notices to align with LGPD requirements and inform individuals about data processing activities.
  5. Establish processes to facilitate data subject rights, including access, correction, deletion, and data portability.
  6. Develop and implement a clear process for reporting and managing data breaches, including notification to the National Data Protection Authority (ANPD) and affected individuals.
  7. Perform regular risk assessments to identify and mitigate potential privacy risks associated with data processing activities.

What are the consequences of non-compliance with LGPD?

Non-compliance with LGPD can lead to significant consequences, including severe financial penalties and damage to the organization’s reputation. Penalties may range from warnings and fines—up to 2% of the company’s revenue in Brazil, capped at BRL 50 million (approximately €8M or US$9M)—to potential partial or total suspension of business activities related to data processing.