* By Vanda Scartezini and Deana Weikersheimer
Almost all aspects of our lives today revolve around data - there is no doubt that we are increasingly digital citizens. This reality is the result of the scope imposed by the Internet, which manages to disseminate and process information at all levels and, among them, personal data that circulates in the media. Undoubtedly, the ease of obtaining these data has made a market geared towards its availability to grow in a geometric way, enabling access for all and becoming a high-value asset.
Interestingly, companies that trade data do so without the authorization of their owners, who despite offering free and spontaneous information about who they are, what they do and what their preferences of all kinds, are often unaware of their fate Dice.
Yes, we are the ones who offer this information freely and free of charge, which is then decoupled and transformed into businesses to be offered to large business groups in various segments. With these data and based on the profiles shown, companies are able to build marketing aimed at those duly identified people and this is of immense value.
We feel invaded daily with offers of products to lose weight, courses abroad, different restaurants. We wonder who instructed these groups to send us these messages, often without understanding that this fearless behavior puts us at the center of a business that involves millions of reais and bare us absolutely and without our authorization.
It is undoubtedly more than necessary to accept the understanding that “Personal data is becoming a new class of economic assets, a valuable resource for the 21st century, which will touch all aspects of society” (World Economic Forum, 2011). This is the reason for the enactment of the General Data Protection Law (LGPD, Law No. 13,709 / 2018, published on 08/15/2018), which will come into force in August 2020. More than a year after its publication , it is still possible to see, outside of lawyers, little understanding about the importance of this legislation and the preparation of companies to face their demands.
The impact it will have on the business world, whether physical or online, will be incalculable, since its main objective is to order the rules for the protection and any form of disclosure of personal data made available on the internet to minimize the large leaks of information. and scandals that involve, exactly and justly, its misuse.
Knowledge of the law requires a change in the corporate culture that must begin at the strategic level. First, top management needs to observe the warnings contained therein and determine that a tactical change be structured, adapting the company's processes to the law. For this, it is necessary to involve the Marketing, Personnel, IT and Legal areas, in order to build a language that adheres to your needs, to finally start the operationalization of the procedures that must be implemented to remain in compliance and ensure the protection and caution in the processing of personal data.
The LGPD, which is inspired by the General Regulation on Data Protection (European standard that came into force in May 2018, also known as GDPR), is born and proposes in its text ways to deal with personal data, disciplining how we collect it , we store, process and use and introduce changes that should radically transform the approach to privacy on the part of individuals, companies and public entities.
The reality is that the development of the digital economy in Brazil has become increasingly effective, especially when we use technology to implement daily activities and projects in our cities (with the aim of facilitating citizens' lives), disseminating knowledge and enabling and expand business areas, as it allows access from the touch of a computer key.
Thus, the enactment of the LGPD and its effectiveness as of 2020 will bring a legal and fundamental tool to make the reality mentioned above viable, seeking to protect the rights of the citizen in a regulated environment that helps companies to innovate, replacing and / or complementing a existing sectorial regulatory framework. However, it is important to note that as its entry into force will result in a disruptive culture within the organization, its implementation is not restricted to the knowledge of its devices, so that the company will need to activate areas, in addition to Legal, for the adequacy of internal processes existing, such as Compliance and Technological Security.
Once the need for internal adjustments has been identified, monitoring and compliance processes should be structured, as well as mechanisms for stabilizing the security criteria of stored data should be created - the holder of this data will be the main protagonist of this structural rupture, since the LGPD allows you full control over how your personal data is processed and used.
From now on, there are 10 months left for companies that have not yet taken steps to adapt and adapt to the law. Failure to comply with these obligations can result in very high fines that can reach millions of reais for an infraction, among others listed in the legal text.
The LGPD applies to all sectors of the economy and has extraterritorial application - that is, every company that does business in the country must adapt to it, being fundamental to restructure its internal practices and apply the concept of Privacy by Design to its technological structures, the business model and the physical infrastructure, addressing the protection of personal data collected, for several reasons, from the conception of the product or system. Thus, privacy will be present in the architecture of the project, allowing the user himself to be able to preserve and manage the collection and treatment of his personal data.
* Vanda Scartezini is an advisor to ABES (Brazilian Association of Software Companies) and coordinator of Think Tank Brasil 2022
* Deana Weikersheimer is a professor at FGV and a lawyer with extensive experience in the software field