LGPD Compliance

What is the LGPD or General Personal Data Protection Law?

The LGPD (General Personal Data Protection Law) is law no. 13,709, passed in August 2018 and went into effect as of September 2020. It regulates the processing of personal data, with its objective being to protect the fundamental rights of freedom and privacy and a natural person’s ability to freely develop their personality.

Personal Data Protection

In its content, the LGPD establishes the principles that must be respected in matters of personal data protection:

  • Respect for privacy;
  • Self-determination of information;
  • Freedom of expression, information, communication, and opinion;
  • The inviolability of privacy, honor, and image;
  • Economic and technological development and innovation;
  • Free enterprise, free competition, and consumer protection;
  • Human rights, free development of personality, dignity, and the exercise of citizenship by natural persons. 

Security Incident

Although the LGPD does not explicitly present the concept of a breach or incident, the National Data Protection Authority describes a security incident involving personal data as "any confirmed adverse event related to the breach in the security of personal data, such as unauthorized, accidental, or unlawful access resulting in destruction, loss, alteration, leakage or even, any form of improper or unlawful processing of data, which may pose a risk to the rights and freedoms of the holder of the personal data".

It is important to know the definition of “incident” to understand the events that involve personal data and that are present in the legislation, like what is stated in Article 42 of the LGPD, for example:

"The Controller or Operator who, due to the act of processing personal data, causes damage to others’ property, be it moral, individual, or collective, in violation of the legislation on protection of personal data, is obliged to repair it."

Article 46 of the LGPD serves as another example, which states that Personal Data Processing Agents must adopt security, technical, and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or any form of improper or unlawful processing. 

Fortra’s Digital Guardian can help you comply with LGPD

Fortra's Digital Guardian helps with LGPD compliance through the following capabilities: 

Data Discovery

The solution aids in discovering personal data across various systems, providing visibility into where personal data resides and how it flows within the organization, ensuring compliance with LGPD’s data inventory requirements.

Data Protection and Encryption

Digital Guardian offers encryption and other data protection measures to safeguard personal data from unauthorized access, breaches, or misuse, in line with LGPD’s requirements for data security.

Monitoring and Reporting

The platform provides continuous monitoring and detailed reporting on data access and usage, which helps organizations demonstrate compliance with LGPD’s accountability and transparency obligations

Automated Policy Enforcement

It supports the creation and enforcement of data protection policies, ensuring that personal data handling practices meet LGPD standards and regulatory requirements.

See Digital Guardian in Action

GET A DEMO