USA +1 855 726 4878  |  BR +55 11 3069 3925 

7 important details between the LGPD (Brazilian) and the GDPR (European)

by | Apr 29, 2019 | BLOG

The European GDPR as inspiration for the Brazilian LGPD

The General Data Protection Law (LGPD) and the Data Protection Regulation (GDPR) are very similar pieces of legislation, but their difference is the Data Privacy Officer (data controller) that the GDPR predicts, unlike the LGPD, which is still waiting for Congress to approve.

The GDPR is the updated version of another European Union privacy law, called the “Data Protection Directive”, which has been in force since 1995. The GDPR has legal protection and the Data Protection Directive is just a guide for good practices.

The European Union considers the protection of personal data as a right of any person living or being within the European territory. Therefore, if the person is a Brazilian and is in Europe, their data will be secured by the GDPR just because they are on European soil.

The LGPD complements the Civil Rights Framework for the Internet (Law 12,965 / 14) and comes to light at a moment marked by large leaks of information that involve the misuse of personal information.

In general terms, the two pieces of legislation are very similar, since both deal with the Privacy issue, defining the protection of personal data present in corporate databases.

The main proposal is that the individual’s right to know what information they provide to the services they use is fulfilled. In addition, the entity must explain why it requests certain data to the customer, and for what purpose they will be used.

7 important details between the LGPD (Brazilian) and the GDPR (European)

Despite the similarity, the Brazilian legislation has some more specific items. Here are seven important details about the rights guaranteed to Brazilians:

  1. be informed of the collection and sharing of your data whenever it occurs;
  2. full access to your data, including the possibility of correcting them;
  3. request that your data stay anonymous;
  4. guarantee of data blocking or deletion;
  5. have the option of disallowing cookies when accessing a website and receive information stating that this compromises the browsing performance and customization;
  6. request the interruption of communications and rest assured this is respected;
  7. review automatic algorithmic decisions about your data, with the right to request a human review.

Differences between the penalties provided for in the LGPD and those of the European law (GDPR)

Regarding the penalties, in the Brazilian LGPD, the penalties for non-compliance range from 2% of gross revenue to R$ 50 million (per violation).

In the European GDPR, the company can receive from a simple notice up to a fine of € 20 million or up to 4% of the company’s annual global revenue, whichever is greater.

In January of this year (2019), French CNIL, based on the GDPR, sued Google for € 50 million (estimated at $ 57 million) for the supposed breach of privacy rules contained in the law (in force in the EU since May/2018).

CNIL’s investigation began from a series of civil actions filed by privacy activist Max Schrems, who stated the following:

“We welcome the fact that, for the first time, the European Data Protection Authority is using the opportunities offered by the GDPR to punish gross violations of the law. After the introduction of the GDPR, we have found large companies that, like Google, simply interpret the law differently and constantly adapt their products superficially.”

(Original version: “Nous nous félicitons de ce que, pour la première fois, l’autorité européenne de protection des données utilise les possibilités offertes par le GDPR pour punir les infractions flagrantes à la loi. Après la mise en place du GDPR, nous avons trouvé de grandes entreprises qui, comme Google, interprètent simplement la loi différemment et adaptent constamment leurs produits de manière superficielle.”)

The GDPR and its impacts on Brazilian companies

In order to comply with the two regulations, technological solutions such as senhasegura – a management solution for privileged access, which automates all access management of privileged users, including the recording of sessions for later auditing, among other features – are fundamental for the success of a data management strategy.

The enactment of the law puts Brazil in the list of more than 100 countries that today may be considered adequate to protect the privacy and the use of data.

These regulations related to data privacy are very positive because they seek to bring a balance between the protection of personal data, the dignity of a human being, the privacy, honor and the image of people, as well as free initiative, and economic use of data in a legitimate, responsible, proportional, and reasonable way.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...