
7 important details between the LGPD (Brazilian) and the GDPR (European)

by | Apr 29, 2019 | BLOG

The European GDPR as inspiration for the Brazilian LGPD

The General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR) are very similar pieces of legislation. Where they differ is the Data Privacy Officer (data controller), which the GDPR provides for, whereas in the LGPD it is still awaiting approval by Congress.

The GDPR is the updated version of another European Union privacy law, the “Data Protection Directive”, which has been in force since 1995. The GDPR has legal force, whereas the Data Protection Directive is just a guide to good practices.

The European Union considers the protection of personal data a right of any person living or present within European territory. Therefore, if a Brazilian is in Europe, their data will be protected by the GDPR simply because they are on European soil.

The LGPD complements the Civil Rights Framework for the Internet (Law 12,965/14) and comes to light at a moment marked by large information leaks involving the misuse of personal information.

In general terms, the two pieces of legislation are very similar, since both deal with privacy and define how personal data held in corporate databases must be protected.

The main proposal is to fulfill the individual’s right to know what information they provide to the services they use. In addition, the entity must explain to the customer why it requests certain data and for what purpose the data will be used.

7 important details between the LGPD (Brazilian) and the GDPR (European)

Despite the similarity, the Brazilian legislation has some more specific items. Here are seven important details about the rights guaranteed to Brazilians:

  1. be informed of the collection and sharing of your data whenever it occurs;
  2. full access to your data, including the possibility of correcting them;
  3. request that your data stay anonymous;
  4. guarantee of data blocking or deletion;
  5. have the option of disallowing cookies when accessing a website and receive information stating that this compromises the browsing performance and customization;
  6. request the interruption of communications and rest assured this is respected;
  7. review automatic algorithmic decisions about your data, with the right to request a human review.

Differences between the penalties provided for in the LGPD and those of the European law (GDPR)

Under the Brazilian LGPD, the penalties for non-compliance range from 2% of gross revenue to R$ 50 million (per violation).

Under the European GDPR, a company can receive anything from a simple notice to a fine of up to € 20 million or up to 4% of the company’s annual global revenue, whichever is greater.

In January of this year (2019), the French CNIL, based on the GDPR, sued Google for € 50 million (estimated at $ 57 million) for the supposed breach of privacy rules contained in the law (in force in the EU since May 2018).

CNIL’s investigation began with a series of civil actions filed by privacy activist Max Schrems, who stated the following:

“We welcome the fact that, for the first time, the European Data Protection Authority is using the opportunities offered by the GDPR to punish gross violations of the law. After the introduction of the GDPR, we have found large companies that, like Google, simply interpret the law differently and constantly adapt their products superficially.”

(Original version: “Nous nous félicitons de ce que, pour la première fois, l’autorité européenne de protection des données utilise les possibilités offertes par le GDPR pour punir les infractions flagrantes à la loi. Après la mise en place du GDPR, nous avons trouvé de grandes entreprises qui, comme Google, interprètent simplement la loi différemment et adaptent constamment leurs produits de manière superficielle.”)

The GDPR and its impacts on Brazilian companies

In order to comply with the two regulations, technological solutions such as senhasegura – a management solution for privileged access, which automates all access management of privileged users, including the recording of sessions for later auditing, among other features – are fundamental for the success of a data management strategy.

The enactment of the law puts Brazil on the list of more than 100 countries that today may be considered adequate to protect privacy and the use of data.

These regulations related to data privacy are very positive because they seek to bring a balance between the protection of personal data, the dignity of a human being, the privacy, honor and the image of people, as well as free initiative, and economic use of data in a legitimate, responsible, proportional, and reasonable way.
