It is no secret to anyone: modern society has created an important dependence on the use of technologies that facilitate everyday life. Applications, tools, websites and so many other digital solutions act by generating and exchanging thousands of data per second.
However, this abundant exchange of information also brought other concerns – mainly about how this data is used. And it was from this attention that was created the LGPD – General Data Protection Law, which brings a series of restrictions regarding the use of personal data.
Although the LGPD is relatively recent in Brazil, it can be easily related to a Canadian methodology designed to protect data: Privacy by Design.
Especially useful and adaptable as a guide and solution for companies not to disobey the LGPD, Privacy by Design deserves attention from teams that are involved in new technology projects.
The need to fit the LGPD
Law created to offer layers of protection to personal data, the LGPD came into force in August 2020 and brought a number of need for adequacy to companies.
In general, the LGPD aims to prevent misuse, such as marketing, and the leakage of personal data of ordinary users and employees of companies.
With the LGPD, citizens have the right to demand how their personal information is being used by companies, and to request that it be deleted from the database at any time.
The LGPD acts by 5 basic principles, which are:
- Ensure the right to privacy and protection of personal data from transparency and security practices;
- Be clear about how data is handled;
- Foster economic development through technology;
- Strengthen trust in legal relations in data processing, facilitating free initiative;
- Promote data portability for the purpose of free competition.
Lgpd's new requirements for data registration and handling
The principles of the LGPD bring with them new legal requirements on how companies should handle registration and communication with customers.
- This data can only be collected with clear information regarding the purpose of use. It is mandatory to offer the user an acceptance term that should be stored for future queries;
- Documents with the data of any persons must be stored in a safe place;
- Sensitive information is sensitive to data on ethnic or racial origin, religious conviction, political orientation, sexual life, health, genetics or biology;
- Companies that have obtained data from their customers and wish to share it with other institutions need express authorization.
It is worth remembering that the punishment for those who do not follow the guidelines of the LGPD can be in the form of a fine corresponding to up to 2% of the company's revenue, with a limit of R$ 50 million.
What is the origin of the term Privacy by Design?
Created by the Commissioner of Information and Privacy of Ontario, Canada, Dr. Ann Cavoukian, the privacy by design concept was developed to maintain total privacy of personal information collected in technology products.
With strong application in the United States from 2010, Privacy by Design reinforces the effort that, since the idealization of a given project, all necessary parameters need to be developed to protect the confidentiality of users' data.
And with the implementation of the LGPD in Brazil, this methodology becomes crucial for new technological projects.
What is Privacy by Default
Privacy by Default aims to ensure that the user receives the product or service completely structured with all necessary privacy measures.
That is, the user does not need to resort to the settings for their data to be used by the company. By source, the application already offers this function.
Thus, the developed product should receive or send only the data essential for its operation – still, it is mandatory to warn users what data is being collected.
It is therefore up to the user to allow this minimum collection of this data.
Privacy by Design and its relationship with the LGPD
As we said at the beginning of the article, the Privacy by Design methodology is excellent to serve as a guide in developing lgpd-appropriate solutions, even functioning as a solution culture for data privacy.
In this sense, it is a very important resource for companies to know how to surround themselves with efficient and protective solutions that prevent data leaks and, consequently, very high fines for hurting the LGPD.
Another important factor in assessing compliance with the LGPD is the deep knowledge of the legislation. In this case, it is important to have specialized consultancies, to verify that organizations comply with the legislation.
Returning to the technological issue, bugScout has been operating since 2010 offering solutions that detect the vulnerability of security in software development. In relation to the LGPD, it is able to verify through source code audits whether applications dealing with personal data do not present vulnerabilities that can cause data to be stolen. That is, it is another tool that helps in this adequacy.
And do you want your development projects to be suitable for the LGPD and shielded against the leakage of personal data? Then contact us and request a contact from our analysts.