The General Data Protection Law - LGPD impacts individuals and legal entities with regard to the processing of citizen data. Its purpose is to establish principles and rules for the processing of personal data, from its collection, reception, classification, use, access, transmission, processing, archiving and elimination. Small and medium-sized businesses are urgently looking for compliance with the LGPD, as they are subject to the same administrative sanctions as larger companies that process personal data.
A compliance with the LGPD has been seen as a priority in companies, since its absence may result in: warning, with a deadline for correcting the violations, a simple fine of up to 2% of the company's revenue in the previous year, up to a limit of R$50 million per violation, a daily fine of up to 2% of the company's revenue in the previous year, up to a limit of R$50 million per violation, making the offence committed public, the blocking of data related to the blocking of personal data infringement, deletion of personal data related to the violation, partial suspension of the operation of the bank of data to which the violation refers for a maximum period of six months, extendable for an equal period, suspension of the personal data processing activity to which the violation refers for a maximum period of six months, extendable for an equal period, partial or total prohibition of activities related to data processing.
In addition to administrative sanctions, companies that do not carry out the compliance with the LGPD, may also receive punishments from the ANPD, such as: lawsuits by data subjects and entities such as the Public Prosecutor's Office, reputational damages, especially in the case of data leak, loss of business, clients, and potential partnerships, financial losses, such as in the case of needing to remedy damages due to data breaches, pay legal fees to defend against lawsuits, or compensate affected clients.
Small companies may be held responsible in the event of information theft or data leak if they are unable to prove that the fact did not occur due to a breach in their security. Since Information Security is one of the principles of the law, it is essential that compliance with the LGPD be done so that the company complies with the law.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet done the compliance with the LGPD contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
