On August 14, 2018, the general law on the protection of personal data (LGPD, law No. 13.709 / 2018) was ratified. With this law, Brazil now has specific legislation to protect data and the privacy of its citizens.
After much debate, postponements and adaptations, the General Data Protection Law was approved on August 25, 2020. Despite the many technical and legal discussions about the actual date of the Law's validity, the scenario shows that in a window of about 15 days we can have it in effect.
It is important to note that the provisions of the LGPD regarding fines and administrative sanctions come into effect as of August 1, 2021, as provided for in Law 14.010 / 20.
The LGPD has come to reframe the way personal information is treated on the internet. Amplifica helps you understand how the new law works, how to comply and how to adapt to this new reality.
Today, companies can request various data from customers at the time of registration. Often the data collected has nothing to do with the service or product that will be offered.
However, some companies break the trust that consumers place in them and market this data without prior authorization.
What is the LGPD, Brazil’s General Data Protection Act?
The General Data Protection Law determines the correct process for the collection and use of consumer data obtained by companies through databases, registration pages, marketing automation or any other lead acquisition strategy. In addition, the law also determines the appropriate penalties in case of leakage or misuse of information, guaranteeing the client greater legal support and a better consumption experience.
It is worth pointing out that the law is not only valid for companies in the data analysis segment; if your business deals with personal information, it’s important to adapt.
How does LGPD affect my business in practice? And what benefits can I derive from it?
This is the moment when companies reframe their relationship with customers and the way to prospect. Companies should be more transparent about the purpose of using data in their consent forms. The consumer must now be fully aware of the practices that will be carried out with his information, not just a generic authorization. Apparently, the LGPD can put an end to the famous “I read and agree to the terms of use”.
The law must reverberate in practice in several other ways. In addition to an increase in consumer confidence, who will now know exactly the purpose of using their data, this is the perfect opportunity for a more targeted marketing strategy. This is the chance for your company to start saying exactly what the customer wants to hear; since registration forms should be clearer and more transparent, why not start getting to know your audience from them?
What is considered personal data?
It is considered as "personal data" everything that allows the identification of an individual, directly or indirectly. From now on, the treatment of information such as name, CPF, RG, address, portrait, bank account number, purchase history and IP address, should receive special attention.
Within the LGPD, personal data is categorized in some other ways; there are two that you should pay attention to:
Sensitive data: The concept covers information regarding race, genetic characteristics, religious beliefs, political opinions and health conditions.
Anonymized data: It is information that at some point was related to a person, but that has undergone treatment and has become anonymous. In this case, the LGPD does not apply.
How does the law apply?
To comply with the law, your company must have all consent records stored. The rule is also valid for leads and customers purchased before the law goes into effect.
In case of non-compliance, fines and warnings can reach up to 2% of your current income, with an established limit of R $ 50 million. In addition, non-compliance with the LGPD may compel you to provide periodic reports to the National Data Protection Agency, a body created to oversee the law. The Public Prosecutor's Office and Procon can also file lawsuits for the collection of collective data, if this is the segment of your business.
With the LGPD what changes for companies?
- First, with the new law, customers must authorize the use of their data. Such authorization must be made explicitly. The customer must be informed of the terms of use and only afterwards will he / she deliver the authorization completely free of charge.
- Before ordering data such as name, telephone number, address, gender, sexual orientation, marital status, religion, ethnicity and education, companies must inform the purpose of this data collection, what it will be used for and how it will be useful for the consumer.
- The companies B2B they will need to be cautious when sharing and receiving indirect data from their customers. Remember, the consumer must always explicitly authorize the use of their data.
- Anyway, as most companies already have data stored, it will be necessary to change the way they work. We recommend that an information security committee be set up to be responsible for analyzing the current situation of the company and making the necessary changes.
In summary, the following image shows how the client, the companies and the ANPD, should behave with the new law:
The tech will need to reinvent themselves to be able to capture leads and diagnose problems without going against the law. Failure to comply with the LGPD may result in a fine of up to R $ 50 million, in addition, your company will no longer be able to handle data.
In view of this, it is important to also adapt your digital marketing strategies to respect the new standards. There is no need to face this challenge alone, you have our support in this transition!
But when thinking about adapting to the new law, don't stick to punishment!
Think about how your relationship with the customer will be more transparent. In a way, perhaps customers will feel even more confident about sharing their data.
Finally, the General Data Protection Law is a challenge that requires special attention. Therefore, for a better adaptation to this process, do not leave everything to the last minute. We have a while until the LGPD comes into effect, prepare your company for this new phase.
For more tips and texts, visit our blog!
See you later!
