Brazilian Data Protection Law LGPD
Brazilian Data Protection Law LGPD — How can your business be prepared?
The Lei Geral de Proteção de Dados Pessoais (LGPD), translated as the General Law for the Protection of Personal Data, is a new Brazilian law. Inspired by the GDPR in the EU, the LGPD has many similarities to the European regulation. The LGPD was introduced in August 2018, and its sanctions will be effective from August 1, 2021.
Compliance with the LGPD is mandatory for all organizations that process the data of Brazilians, regardless of where those organizations are based. Organizations that do not adopt the relevant security measures to protect the data of Brazilian citizens may be liable to pay heavy fines.
Compliance preparation starts with developing and following a data protection strategy. A solid and efficient strategy includes data encryption and wiping.
Brazilian Data Protection Law LGPD & Encryption
The LGPD regulation applies to companies when they are processing:
- Personal data in Brazil
- Personal data that was collected in Brazil
- Personal data to offer goods or services in Brazil
The regulation defines 'personal data' as information related to an identified or identifiable natural person. The LGPD indicates, however, that personal data that has been anonymized and cannot easily be returned to its original state doesn’t fall under the scope of the regulation.
One of the most effective ways of anonymizing personal information is to use encryption, which protects data from both physical and virtual threats. Companies should always encrypt data at the source where it is stored and before it leaves the controller's possession.
To help your company comply with the LGPD encryption requirements, Jetico offers two types of software:
- BestCrypt Volume Encryption for superior whole disk encryption
- BestCrypt Container Encryption for selected files and folders
Brazilian Data Protection Law LGPD & Wiping
Part of the LGPD regulation is the 'Right to Erasure', which is very similar to GDPR’s 'Right to be Forgotten'. This control is split into two sections, with the first part outlining that data must be deleted if it is excessive, unnecessary, or unlawful. The second section requires data to be deleted on request if it has been collected based on consent.
Yet permanently deleting data is not as easy as it may seem. The improper removal of data leads to data remanence, which is the residual representation of data that remains after it is removed by normal means.
To help your organization comply with the LGPD wiping requirements, Jetico offers two types of software to wipe data beyond forensic recovery:
- BCWipe Total WipeOut to erase entire hard drives at end of life
- BCWipe to wipe selected files and folders on active systems