LGPD Compliance

What is the LGPD or General Personal Data Protection Law?

The LGPD (General Personal Data Protection Law) is Law No. 13,709, which was passed in August 2018 and went into effect in September 2020. It regulates the processing of personal data. Its objective is to protect the fundamental rights of freedom and privacy and a natural person’s ability to freely develop their personality.

Personal Data Protection

The LGPD establishes the principles that must be respected in matters of personal data protection:

  • Respect for privacy;
  • Self-determination of information;
  • Freedom of expression, information, communication, and opinion;
  • The inviolability of privacy, honor, and image;
  • Economic and technological development and innovation;
  • Free enterprise, free competition, and consumer protection;
  • Human rights, free development of personality, dignity, and the exercise of citizenship by natural persons. 

Security Incident

Although the LGPD does not explicitly present the concept of a breach or incident, the National Data Protection Authority describes a security incident involving personal data as "any confirmed adverse event related to the breach in the security of personal data, such as unauthorized, accidental, or unlawful access resulting in destruction, loss, alteration, leakage or even, any form of improper or unlawful processing of data, which may pose a risk to the rights and freedoms of the holder of the personal data".

Knowing the definition of “incident” is important for understanding the events involving personal data that the legislation addresses. Article 42 of the LGPD, for example, states:

"The Controller or Operator who, due to the act of processing personal data, causes damage to others’ property, be it moral, individual, or collective, in violation of the legislation on protection of personal data, is obliged to repair it."

Article 46 of the LGPD is another example. It states that Personal Data Processing Agents must adopt security, technical, and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication, or any form of improper or unlawful processing.

Fortra’s Digital Guardian can help you comply with LGPD

Fortra's Digital Guardian helps with LGPD compliance through the following capabilities: 

  • Data Discovery
  • Data Protection and Encryption
  • Monitoring and Reporting
  • Automated Policy Enforcement
