The Brazilian General Data Protection Regulation.
The General Data Protection Law No. 13.709/18, signed by former President Michel Temer in August 2018, aims to increase the privacy of personal data and the power of regulators to inspect organizations on this topic.
The legislation adapts Brazil to the best global data management practices and covers all companies established in Brazil, as well as organizations based abroad that offer services or have operations in the country that involve data processing.
The law enforcement is extraterritorial. It applies to any processing operation carried out by an individual or by a legal entity governed by public or private law, regardless of the environment, country of its headquarters or country where the data are located, provided that at least one of the following rules is met:
The processing operation is performed in the national territory.
The purpose of the processing activity is the offer or supply of goods or services or the processing of data of individuals located in the national territory.
The data processed have been collected in the national territory.
How can we help your company?
senhasegura enables the security team to implement the changes established by LGPD. Through the solution, administrators can define and strengthen access and privacy policies for privileged users across the environment, and thus comply with the new regulation.
senhasegura’s architecture, without the need for agent installation, enables a fast deployment by IT staff and a user-friendly environment. senhasegura becomes the infrastructure access proxy, allowing administrators to know exactly which systems are accessed and the user’s privilege level. Additionally, all sessions performed can be recorded for auditing and incident analysis purposes.
Request a demo with an expert and understand what your business needs
10 Privacy Principles
Purpose: processing for legitimate, specific and explicit purposes informed to the data subject, without any possibility of subsequent processing inconsistently with these purposes;
Adequacy: compatibility of the processing with the purposes informed to the data subject, in accordance with the context of the processing;
Need: limitation of the processing to the minimum processing required for the achievement of its purposes, encompassing pertinent, proportional and non-excessive data in relation to the purposes of the data processing;
Free access: guarantee, to the data subjects, of facilitated and free consultation on the form and duration of the processing, as well as on all their personal data;
Quality of data: guarantee, to the data subjects, of accuracy, clarity, relevance, and update of the data, according to the need and for compliance with the purpose of the processing thereof;
Transparency: guarantee, to the data subjects, of clear, accurate and easily accessible information on the processing and the respective processing agents, subject to business and industrial secrets;
Security: use of technical and administrative measures able to protect the personal data from unauthorized accesses and accidental or unlawful situations of destruction, loss, change, communication or diffusion;
Prevention: adoption of measures to prevent the occurrence of damage in view of the processing of personal data;
Non-discrimination: impossibility for processing data for discriminatory, unlawful or abusive purposes;
Liability and accountability: proof, by the agent, of adoption of effective measures able to prove observance of and compliance with the personal data protection rules, and also with the effectiveness of these measures.