Effective since September, the law does not allow personal information to be passed on without authorization; sanctions may be applied by the National Data Protection Authority
A General Data Protection Law entered into force in September 2020, but sanctions may be applied by National Data Protection Authority (ANPD) from this Sunday, 1st, to companies that disrespect the legislation. The lawyer, specialist in privacy and DPO services (Data Protection Officer) from the Opice Blum office, Henrique Fabretti Moraes, explains what changes for consumers with the law. “The main gain that the consumer has with the entry into force of the Data Protection Law is the aspect of transparency. The LGPD requires organizations that are dealing with personal data to reinforce the issue of transparency, to be very clear about how they are using the data of their consumers and their employees. This makes it possible, having information on how their data will be used, users can have greater control over this information. And, of course, being more careful about how you share and use this data, especially in digital media”, emphasized the interview specialist to Morning newspaper.
“The first recommendation that is given is if a user feels that their information is being used inappropriately, that they first seek the very company that is processing this data. Companies are required to create a communication channel with the data subject to receive complaints and, if this request is not satisfactorily met, this user can directly seek the National Data Protection Authority, which will offer a link through which you can submit your complaint”, detailed the lawyer. Now, the company that suffers an incident with the potential to cause relevant damage to the data owner must communicate both ANPD and the individual. “When this happened, it was very common that, if this incident was not known in the press, that no one would find out about it except the organization itself. With the law, the company is obliged to inform the data subject”, he described. The General Data Protection Law also applies to legal entities governed by public law, that is, the government in general.