Na compliance with the LGPD it is important to pay attention to the principles determined by law. In Article 6, the law determines ten principles that must guide the processing of personal data. It is these principles that will help ensure that the company is in compliance and adequate to the law.
Purpose: The LGPD obliges companies to have specific purposes when processing personal data. Companies need to make their intentions clear to the data subject, justifying and pointing out the use of personal data.
Adequacy: The company must process data according to the initial purpose and with the user's consent, that is, justify and ensure that the data collected are consistent with the organization's business model.
Necessity: The LGPD affirms in this principle that “limitation of treatment to the minimum necessary for the achievement of its purposes, including relevant, proportional and not excessive data in relation to the purposes of data processing”. The company needs to ensure that only personal data essential for the development of its business is collected and processed.
Free access: The company must create mechanisms so that data subjects have the right to consult and access, freely and free of charge, the data provided at the beginning of the process, and may even request changes to the stored data.
Data quality: This principle refers to the “guarantee, to the owners, of the accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its treatment”, that is, the data collected must be accurate and updated, according to the purpose and need of treatment.
Transparency: Information about data processing must be objective, transparent and accessible to the user. This principle determines that companies must act honestly and inform data subjects about treatment agents.
Security: The LGPD states that “use of technical and administrative measures to protect personal data from unauthorized access and from accidental or illegal situations of destruction, loss, alteration, communication or dissemination”. The company must use a system for processing data that has technological resources capable of blocking attempts at fraud, accidents, and illegal acts.
Prevention: The principle of prevention determines the “adoption of measures to prevent the occurrence of damages as a result of the processing of personal data”. The company needs to define a preventive plan against circumstances that could put the database at risk.
Non-discrimination: The company cannot in any way process sensitive data for the purpose of abusive or unlawful discrimination. The principle of non-discrimination, according to the LGPD, refers to the “impossibility of carrying out treatment for illegal or abusive discriminatory purposes”.
Accountability and Accountability: This principle provides for compliance with the law that measures and procedures have been taken by the company to guarantee data protection. The company must demonstrate the procedures adopted for data processing and report on the results obtained.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet done the compliance with the LGPD contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
