What Is the General Data Protection Law (LGPD) and How to Prepare for It?

The LGPD (Lei Geral de Proteção de Dados) was enacted in 2018 and came into full effect in August 2020, transforming the way the market handles customers’ personal data.

In an era of widespread data sharing and even data leaks, the law aims to provide greater security for users’ information and penalize companies that fail to ensure this protection. In short, all companies (of any type, sector, or size) must take several steps to comply with the new framework:

1 – Obtain customer consent to collect and process their data. Once granted, the customer may request the deletion of any personal data at any time.

2 – After obtaining custody of the data, companies must not share it with third parties without consent and must ensure its security to prevent leaks caused by external attacks or intrusions.

What happens if these rules are not followed? Among other penalties, heavy fines of up to 2% of company revenue may be applied, capped at R$50 million.

How to comply with LGPD?

Companies must organize their processes and develop methods, tools, and systems to ensure that any data they access is properly collected, classified, used, processed, stored, transferred, and deleted.

In practice, the entire workflow of data handling must be reviewed and restructured, combining human processes and technology.

What is the role of technology in this process?

Technology offers a wide range of solutions that help protect data:

• The use of firewalls prevents external attacks, acting as a kind of “gate” that blocks unauthorized access from WAN networks and filters incoming users and data.
• Access control systems at data center technical rooms—and also at server racks—restrict entry to authorized personnel only, preventing third-party access and potential data leaks. Access control can also be integrated with CCTV systems, cross-referencing camera footage with building visitor records.

Check access control solutions in our online store.

Another important point—although not directly related to the law—is proper data center infrastructure. Proper energy supply and climate control systems help ensure infrastructure stability and information security, preventing data loss due to power outages.

In this case, data loss may not constitute a legal violation, but it helps avoid serious operational issues for your company.

Consult our specialized team to learn more about our solutions.