LGPD: far beyond software

"Data is the new oil in the business world." Who has never heard this new jargon of modern times, let the first stone be thrown. Database has gained value, as it is considered the fuel for the development of current businesses. It is a powerful tool, capable of transforming and leveraging any sector - when well managed and applied. But the monetization of this tool, unlike oil, is not so obvious. There are legal limitations to the direct marketing of data. Even with the recent introduction of GDPR (General Data Protection Regulation) in Europe and the LGPD (General Data Protection Law) in Brazil, which will come into force in August 2020, technology companies will need to reinvent themselves ... Or not?

Estopim

The LGPD aims to regulate the processing of personal data and clarifies for companies when and how they can do this. With rules on the processes of collecting, storing and sharing this information, its goal is to prevent consumer privacy from being violated by organizations and the government itself.

This is a topic debated in the sector since 2010, but it only gained relevance last year, after the scandal involving Facebook. Global Science, an American research center focused on marketing, found a loophole in the terms and conditions of the Mark Zuckerberg platform, which said that no data collected by the social network could be sold, but that it did not apply this same restriction to apps they used The social network. The researcher used this subterfuge to do a psychological test on the platform, so when a Facebook user took the test he would deliver the data to Global Science Research, such as name, email, place of residence, tastes and habits on the internet. After the collection, he sold this information to Cambridge Analytica, a company that performed data analysis and was hired by the Donald Trump presidential campaign, the election in which he won, and by the group that promoted the United Kingdom's departure from the European Union (Brexit ). In possession of these data, Cambridge Analytica analyzed the voter's profile and based on that it directed propaganda in favor of the political movement that had hired its services.

The approval of the LGPD was driven by this scandal, not only because Cambridge Analytica planned to operate in Brazil's last elections, but the need to have a law to regulate the processing of personal data was also exposed. Although some clauses of the law are still a little ambiguous and need to mature, the LGPD provides guidelines that help to remove various uncertainties that had previously been about the field.

Main impacts of LGPD

This measure causes a kind of domino effect. To avoid fines (which can reach R$ 50 million) and the interruption of their activities in Brazil, companies need to not only regularize themselves, but also require suppliers and partners to do the same, in order to ensure that all stages of their process are within the new law. For this reason, choosing carefully the partner specialized in technology is essential, since he can assist in this period of transition.

In fact, as GPDR has extraterritorial applicability, many Brazilian organizations have had to adapt to this new reality for a while and provide products and / or services with the adoption of privacy by design (product or system design with the privacy present in the structures technologies, business model and physical infrastructure). Sinqia itself is already operating in compliance with the standards, both European, when the Brazilian ones will come into force and helping its customers to adapt.

Having said that, contrary to what is disseminated en masse in the media and passed in lectures on the topic, I argue that the greatest impact of LGPD is not necessarily that the technological solutions themselves that have to be modified according to the requirements of LGPD. It goes far beyond software: it will take a change in the internal culture and in the governance of organizations. The tool operator, in many cases, is largely responsible for the misuse or leakage of data. In the case of Facebook, mentioned above, it is possible to interpret that the failure was not due to the platform; there was no technical error in the technology. It was the professionals who used it that mishandled the social network.

Therefore, for organizations that have a good partner for services and technological products, the challenge will be much more focused on training their professional staff. For users, the rationale is similar: attention to their behavior when providing some personal information will have to be doubled. Technology will assist in the process, but it will take a change in the mindset of modern society.

* Thiago Saldanha is the leader in the development of Sinqia's software platforms