top of page

General Data Protection
Law

The General Data Protection Law (Law No. 13,709/2018), in force since September 2020, brings the definitions and duties regarding the protection of individuals' data, as an unfolding of the fundamental right to privacy.

Data Holder

The LGPD (General Data Protection Law) defines the data subject as the natural person to whom the personal data that is subject to processing refers. One of the law's guiding principles is informational self-determination, that is, the right of the data subject to information about the flow of his or her personal data, as well as to request rectification or deletion of records. 

The law considers personal data to be all information related to a natural person, such as social security number, address or e-mail, for example; and sensitive data to be that which concerns information about race, ethnicity, health, sexuality or political opinions, such data being more strictly protected by law.

site godoi colle (1).png

Data Treatment

It consists of any and all operations performed with personal data that allow the identification of its holder, such as the collection, storage, access or transfer of information. To carry out proper processing in compliance with the law, it is first of all necessary to map all data held by the company.

The LGPD establishes which are the situations in which data processing is allowed, such as the consent of the data subject, that is, when the data subject gives express authorization; or legitimate interest, situations in which data processing is necessary due to the activity carried out by the controller.

 

By complying with the LGPD, companies provide transparency and security to their customers, avoiding losses resulting from lawsuits. In addition, they can promptly respond to any requests from the National Data Protection Authority, the body responsible for enforcing compliance with the law and which may impose penalties if it detects violations.

Design sem nome (3).jpg

Who must do the adjustment

Data controllers, that is, any natural or legal person that has a database of natural persons. It is very important that companies in the healthcare industry comply with the LPGD because they fall into the legal category of Sensitive Data that we will address below.

site godoi colle (3).png

What is sensitive Data 

According to Article 5, subsection II of the LGPD, sensitive data is personal data about racial or ethnic origin, religious conviction, political opinion, membership in a union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.

Sensitive data can only be processed with the express consent of the data subject, except in some specific situations provided for by law, such as for health protection and research purposes.

GodoiColle_Icone_Cor (3).png
  • Ícone cinza LinkedIn
  • Ícone do Instagram Cinza
  • Grey Spotify Ícone
bottom of page