Em September 18, 2020, Law 13.709, of 2018, known as the General Data Protection Law, the LGPD came into force in the country, a subject that is gradually being incorporated into the Brazilian business environment. Is that from now on it starts to regulate the use, protection and transfer of personal data, which will inevitably influence the business model of organizations, both public and private. These will immediately have to adapt to the new flows for the correct treatment of these data, focusing on transparency, governance and constant internal awareness to avoid legalization. The scenario, therefore, is one of attention, but it can also be one of opportunities.
A national regulation, which provides for sanctions ranging from a warning to a daily fine of R $ 50 million, was inspired by the General Data Protection Regulation (GDPR), the European regulatory framework for data protection, which began to take effect in 2018. Survey of the office DLA Piper points out that until the beginning of this year, 160 thousand cases of data leakage were recorded in the European Union, with fines accumulated in an amount above € 114 million (or about 743 R $ million in the updated quote)
Do you want to receive TrendsCE content on your smartphone?
Access our Whatsapp and say hi to us.
The discussion, however, is not so recent in the world. Since 1995, therefore at the very beginning of the spread of the internet, that continent has been focusing on the issue of protection guidelines. Countries like Sweden and Germany have since developed barriers to prevent the misuse of personal information, something that has intensified in recent years with the use of Big Data for commercial purposes and the development and popularization of social networks.
Returning to the Brazilian reality, Natali Camarão, legal manager of the Fiec System, highlights the importance of the new law to offer legal certainty to companies. It implies that whoever adapts more quickly and smoothly to changes, striving for transparency in these processes, will consequently have more competitive advantages.
“I heard a lot out there, in the debates and lectures we did, questions like whether the LGPD would be another law to bureaucratize the life of the entrepreneur. But it is necessary to start to demystify it and see it in a positive light. From the moment in which Brazil has data protection legislation in a digital transformation scenario, we are at a level of competitiveness with other countries at the same level in terms of information security legislation ”, she argues, adding that nations that do their “homework” more efficiently, will become a kind of “safe haven” for trade relations with others that have taken this issue seriously for some time.
Partner at the Aguiar Advogados Law Firm, Andrei Aguiar recalls that one of the elements that made Brazil develop and accelerate the process, approval and sanction of the LGPD was the fact that the law became a requirement for the country to join the Organization for Cooperation and Economic Development (OECD).
"The legislation ends up working as a security, in a globalized world where trade turns the economy, so that the investor can enter the country. Having a norm for this is very important to attract these investors".Andrei Aguiar, partner at Aguiar Advogados
Aguiar says that the standardization for data protection was only a recommendation about 50 years ago. “The European Union compiled all of these existing sparse standards and brought them together in the GDPR, which is now a mandatory requirement. Over the years, this has been worked on in the culture of the European corporate environment. In other words, it took a lot of time. Here, it is something to be incorporated, and it will not happen overnight. It is a culture that needs to be disseminated both among users, so that they know their rights, as well as among those who will have possession and treat this data ”, he warns.
A Regarding the inspiration in European law, the lawyer explains that adaptation to Brazil has become more favorable, since it is more unified. “The American model, for example, is very fractional. For federation reasons, each state has a great deal of autonomy and has numerous laws regarding data protection ”, he differentiates.
LGPD in public management
The movement to adapt to the new legislation is also a recurring issue in the public sphere. The Executive Secretary for Trade, Service and Innovation at Secretariat for Economic Development and Labor (Sedet), Júlio Cavalcante Neto agrees that the rule is a good possibility of attracting foreign investments to the State, which has been striving in this direction, according to him, through initiatives aimed at governance and transparency. These are actions like Strategic routes, carried out in conjunction with Fiec; Ceará 2050; Fortaleza 2040 and Ceará Veloz, in addition to the intention of transforming Ceará into a technological, maritime and aerial hub.
Thus, Cavalcante points out, with the Government in possession of information about the taxpayer in the Finance Secretariat (Sefaz), of the citizen related to Health, Education and social weaknesses. "There is already a culture in the public area of taking great care in handling this information that is in the Government's database," he says.
Such attention becomes vital for the credibility of the management and the security of this data. Cavalcante points out that it is not the intention of “taking the Government to the cloud” today. He explains that there is already a decree for any State Secretary or related company, when requesting any processing service or software solution, to hire a cloud provider through Ceará Information Technology Company (Etice). It carried out an accreditation of major cloud providers in the world. Once there is a demand from any secretariat, the selection of an Information and Communication Technology (ICT) service provider may be made, within this relationship, with the State opting for a fair price and greater technical qualification.. “We ended up gaining, from this process, the security that these providers already have internally, with extensive experience, including solutions already tested in Europe and the United States, instead of starting from scratch in order to mitigate the risks of this data being accessed for misuse ”, explains Cavalcante.
Implementation and opportunities
Despite all the effort that adaptation to the new standard will require from companies, experts point out that you need to be aware of the opportunities that will inevitably arise from this change. After all, it is something that, depending on how it is carried out, can generate gains for companies, especially in terms of compliance, as confirmed by João Araújo Monteiro Neto, partner at CMS Law Firm in Data, Technology and Innovation and consultant at Data Protection Office Brasil.
“The process of adapting to the LGPD can bring numerous gains to the company, especially those that are planning or have already started their digital transformation. This is because, by observing more carefully the activities that involve personal data, the company can identify both new business opportunities as well as operational bottlenecks, or even waste of resources due to the redundancy or repetition of processes, actions and activities. In addition, a company suitable to the LGPD reinforces its compliance structure and can also exploit the reputation and confidence gain in its image ”, he explains.
One of the companies from Ceará that are already in an advanced stage in this update is the Serval Group, which, after 50 years of experience in the outsourced services market, invests in a new perspective on the issue of data processing for its customers, employees and business partners. The line of action is precisely to invest in trust.
“Despite all the initial cost and the work carried out with the culture change process, the optimization of procedures and the imposition of greater security in the treatment of data will directly reflect on a greater reliability of our services, which will certainly add value to the our image in the market ”, agrees Fabiano Barreira da Ponte, partner of the group and current president of the employers' union (Seasec).
In the case of the Serval Group, as Barreira details, the search for a good consultancy took place after several internal discussions, of which the option for the agreement signed between Seacec and the Aguiar Advogados office to carry out the work arose.Content translation is performed automatically by Gtranslate / Content translation is performed automatically by Gtranslate