General Data Protection Law: basic understandings and necessary precautions

Metadados – RH 360º
9 Dec 2020 06:29

Summary

TL;DR: In this video, César, an IT manager, explains the key aspects of the General Data Protection Law (LGPD) in Brazil. The law, in effect since 2020, regulates the handling of personal data by both public and private sectors. It defines personal and sensitive data, outlines data processing operations, and introduces key roles like the data subject, controller, and data protection officer. The video covers the steps businesses must take to comply, the importance of consent, penalties for non-compliance, and how the law impacts HR processes. Viewers are encouraged to use an HR system that aligns with LGPD to ensure compliance and protect data security.

Takeaways

  • 😀 The General Data Protection Law (LGPD) has been in effect since September 2020, regulating the handling of personal data in Brazil by both public and private sectors.
  • 😀 Personal data refers to any information that can identify an individual, such as name, address, email, CPF, and location data.
  • 😀 Sensitive data includes personal information regarding racial or ethnic origin, religious beliefs, political opinions, health, sexual life, and biometric data.
  • 😀 Personal data processing encompasses any operation performed on personal data, such as collection, use, storage, and deletion.
  • 😀 The LGPD defines key figures, including the data subject (the individual), the National Data Protection Authority (ANPD), and the data processing agents (controllers, operators, and data protection officers).
  • 😀 The data controller is responsible for making decisions regarding data processing, while the operator performs data processing on behalf of the controller, such as a third-party service provider.
  • 😀 To comply with the LGPD, companies need to map all personal data processing operations, review storage tools and security measures, and ensure consent is properly obtained.
  • 😀 Consent must be freely given, informed, and specific, with a clear purpose for processing data. If the purpose changes, the company must inform the data subject and obtain updated consent.
  • 😀 Data subjects have the right to revoke their consent at any time, which companies must respect by providing clear communication channels for this process.
  • 😀 Violating the LGPD can lead to penalties, including warnings, fines up to 2% of revenue, and restrictions on data processing, which can impact areas like recruitment, benefits, and HR processes.

Q & A

  • What is LGPD?

    - LGPD stands for the General Data Protection Law in Brazil. It regulates the processing of personal data, both by public authorities and private entities, and applies to all types of data, regardless of format, whether physical or digital.

  • What are considered personal data under LGPD?

    - Personal data includes any information related to an individual that can identify them, such as their name, address, email, CPF (Brazilian individual taxpayer registration), location data, phone numbers, IP addresses, and other identifiers.

  • What are sensitive data in the context of LGPD?

    - Sensitive data refers to personal data related to racial or ethnic origin, religious beliefs, political opinions, union membership, health or sexual life, as well as genetic and biometric data, which are linked to a specific individual.

  • What does 'data processing' mean under LGPD?

    - Data processing refers to any operation carried out with personal data, such as its collection, use, storage, and eventual elimination. It also includes activities like data transfer or modification.

  • Who are the key figures involved in data processing according to LGPD?

    - The key figures include the data subject (the individual whose data is being processed), the ANPD (National Data Protection Authority), and the data processing agents, such as the controller, the operator, and the data protection officer.

  • What is the role of the data controller in LGPD?

    - The controller is the entity that makes decisions regarding the processing of personal data. In the case of a company, this could be the organization itself, which determines how and why the data is processed.

  • What is the role of the data protection officer (DPO)?

    - The data protection officer (DPO) is responsible for ensuring that an organization complies with LGPD. They manage communication with the data subject and the ANPD, and also train employees on data protection practices.

  • How can companies comply with LGPD?

    - Companies can comply by mapping all their data processing operations, evaluating the security tools in place for data storage, reviewing internal processes, ensuring informed consent from data subjects, and implementing regular security audits.

  • What is the importance of consent in data processing?

    - Consent is essential because it indicates that the data subject has agreed, freely and in an informed manner, to the processing of their personal data for a specific purpose. It must be clear, explicit, and revocable at any time.

  • What should a company do if there is a data breach?

    - If a data breach occurs, the company must notify the affected data subjects and the National Data Protection Authority (ANPD), providing details of the breach and its potential impacts.

Related Tags
LGPD, Data Protection, Brazil Law, Business Compliance, HR Data, Data Security, Sensitive Data, Legal Training, Privacy Law, GDPR Comparison, Data Consent