|
|
Finally sanctioned (on August 14, 2018), the new Brazilian General Personal Data Protection Law (LGPD) profoundly affects the way all Brazilian companies operate. Not the commercial logic, but the information management logic. This is a true “tsunami” for companies that will have, from the enactment and publication of the law in question, 18 months to adapt to a reality that, for most of them, is completely foreign to them. Not to mention the Public Administration bodies and entities, whose personal information management model is, with very few exceptions, far below what would be considered “mediocre”.
In fact, for most Brazilian B2B Lead companies and public bodies, personal data is seen and treated as an almost “bureaucratic” element, not to say banal. Information about employees (name, address, vacation, salary, various benefits, sick leave, etc.) is managed by HR with the help of software that is not very complex, depending on the case. Customer (or citizen) contacts are processed manually, normally for the purpose of sending invoices, emails or billing, and the history of purchases made is archived for the purpose of guaranteeing the products purchased.
After the LGPD came into force, this form of management tends to become a memory of the old days or reports (cases) appearing in administration books.
Indeed, the information age has given rise to a recent phenomenon of data production and exchange on a scale never seen in the history of humanity. Several companies created new business models using this “asset”, and accumulated enormous amounts of capital, power and influence in record time (Google was created in 1998, Facebook in 2004). On the other hand, there was a gradual movement towards awareness of the need to protect this asset (personal data) against its misuse or unauthorized use. Europe is, without a doubt, where the topic is most mature, currently governed by the General Data Protection Regulation (GDPR).
In Brazil, the entry into force of the LGPD aims to create a modern regulatory framework, largely inspired by the European Regulation. The aim is, among other objectives, to place the country among the select list of countries or international organizations that provide an adequate level of protection for personal data.
Thus, a series of obligations were created for companies regarding the collection, use and guarantees of integrity of personal data to be observed, under penalty of heavy sanctions. Likewise, said law granted rights to holders of personal data that can be exercised against any companies or public entities that hold such information. In this sense, if personal data has undoubtedly become a precious asset, it can give rise, if poorly managed, to important liabilities for those who hold it.
|
|
發表於 2024-3-16 13:57:37