GDPR X LGPD

  • CyberX
  • Mar 23, 2023
  • 4 min read

The privacy of personal data is a fundamental right of any individual: it refers to the control that a person has over the information they share with other people or organizations. This includes data such as name, address, telephone number, financial information and other personal data.


The privacy of personal data matters because this information is sensitive and personal, and it can be used to identify and track an individual.


Protecting this data is crucial to ensuring that people have the right to control their personal information and ensuring the security of their information against misuse or security breaches. Unauthorized access and use of personal data can lead to crimes such as identity theft, fraud and other types of abuse.


General Data Protection Regulation (GDPR)

The General Data Protection Regulation, or simply GDPR, is a European Union privacy regulation that entered into force on May 24, 2016 and has been applicable since May 25, 2018, replacing the Personal Data Protection Directive of 1995 (95/46/EC).


The GDPR broadened the territorial scope of EU data protection law so that it also applies to organizations outside the region when they process personal data collected there. It establishes the rules on the protection of natural persons with regard to the processing of personal data and on the free movement of such data within the region, regardless of where the processing organization is located geographically. This means that companies operating outside the European Union must also comply with the Regulation when collecting and processing such data.


Below are the main obligations laid down by the GDPR that guarantee the protection of private data:

  1. Consent: Before collecting and processing the data of European citizens, companies need to obtain their explicit and informed consent;

  2. Data protection by design: Companies incorporate protection measures from the beginning of the design process;

  3. Right to be Forgotten: Individuals have the right to request that their information be removed from company systems and websites. This is important in cases where a person wants to end their relationship with the company or does not want their personal data to be kept on file;

  4. Notification of breaches: If a data breach results in a risk to the rights and freedoms of Europeans, companies must urgently notify it within 72 hours;

  5. Data portability: These citizens can ask for their personal data to be transferred from one company to another, and the company must be able to provide it in a format that can be easily transferred.

The General Data Protection Regulation imposes significant penalties for breaches. Fines can reach up to 4% of a company's annual global revenue or €20 million, whichever is greater. Those that fail to comply with the Regulation are subject to severe sanctions, including fines and, consequently, reputational damage. Companies must therefore take seriously their responsibility to protect personal data.


The GDPR has also been successful in raising awareness of data protection and privacy for individuals in the European Union. Although it is a challenge for companies that need to adapt to new regulations, the General Data Protection Regulation is an important tool that guarantees the privacy and security of the personal data of these individuals.


The Regulation represents a change in the way companies must treat and protect such data, and it has required them to update their policies and practices to comply with the new rules.

LGPD (General Data Protection Law)

The General Data Protection Law (LGPD), Law n. 13,709, of August 14, 2018, is the data privacy law in Brazil, which came into force in September 2020. This Law provides for the processing of personal data, including in digital media, by natural persons or legal entities of public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.


Some of the differences and similarities between the GDPR and the LGPD are:

  • Territorial scope: The GDPR applies to all companies operating in the European Union, as well as to all companies that process personal data of individuals in that region. The LGPD applies to all companies operating in Brazil, and to all companies that process personal data of Brazilians;

  • Definition of personal data: The GDPR and the LGPD define personal data similarly, as information that identifies a natural person directly or indirectly. However, the LGPD explicitly includes personal data such as health and race information;

  • Consent: Both laws require companies to obtain consent from the data subject before collecting, using or sharing their data. However, the LGPD requires express consent, while the GDPR allows for implied consent in certain cases.

  • Data protection: The GDPR and the LGPD establish guidelines on the protection of private data and require companies to implement appropriate technical and organizational measures to preserve it. However, the GDPR has more stringent standards for data protection, including requiring privacy impact assessments in certain circumstances;

  • DPO: The GDPR establishes the mandatory appointment of a Data Protection Officer (DPO) by the Controller and the Operator of personal data, and provides clear exceptions to the need for a DPO. Likewise, the LGPD requires the Personal Data Controller to appoint a DPO;

  • Penalties: Both laws have penalties for violations. The GDPR sets fines of up to 4% of a company's global turnover or €20 million, whichever is greater. The LGPD, on the other hand, establishes fines of up to 2% of the company's gross revenue, limited to BRL 50 million per infraction.


Conclusions

The General Data Protection Regulation (GDPR) in Europe and the General Data Protection Law (LGPD) in Brazil are milestones of great importance for the protection of personal data around the world. Both aim to protect the rights of data subjects, so that their information is treated in a fair, transparent and secure manner.


The GDPR was one of the first comprehensive data protection regulations to be implemented, and it had a major global impact, serving as an inspiration for other similar laws, such as the LGPD in Brazil. The LGPD, in turn, represents a major advance in Brazilian legislation, establishing objective rules for collection, storage, processing and sharing.


Despite the differences, the GDPR and the LGPD share common principles, such as the need for explicit consent from the data subject, the obligation to inform the subject about the use of their data, and responsibility for the full security and privacy of that data.


In short, the GDPR and the LGPD are fundamental resources for the protection of personal data in an increasingly connected and digital world. Compliance with these laws is not only a legal obligation, but also an ethical imperative for companies that value the privacy and trust of their customers and users.



Did you already know the differences and similarities? Stay tuned for more news!