Learn all about the General Data Protection Law

muskanislam25 · Post by **muskanislam25** » Sat Feb 22, 2025 8:12 am

The General Data Protection Law is a new rule to ensure greater security regarding data provided to a company or individual.

The law, which comes into force next year, promises to provide greater peace of mind for organizations and their customers.

Even though it will only be mandatory in 2021, companies that have already adopted this measure stand out for the security provided and the updating of their policies.

And, we don't want you to be left behind!

Therefore, in this article we will talk about everything you need to know about LGPD. To produce today’s text, we had the participation of lawyer and LGPD specialist, Jonas Inácio.

You will read about:

What is the General Data Protection Law?

What does the General Data Protection Law change for companies?

How to implement the General Data Protection Law in my company?

What is the General Data Protection Law?
The LGPD was created in 2018 by then president Michel Temer.

The law aims to establish rules for the use, collection, storage and sharing of user data by both public and private companies.

In its first article, the law provides for the processing of Malaysia telegram data personal data, both in physical and digital media, by a natural person (ordinary people) or legal entity (companies), under public or private law, with the aim of protecting the fundamental rights of freedom, privacy and free development of the natural person's personality.

The LGPD also defines personal data as any and all information related to a person that makes them identified or identifiable.

Regarding this, lawyer Jonas Inácio states:

“At this point, it is important to make it clear that if you have 300 leads and need to identify a person in that group, you can search, for example, for a woman with blonde hair who lives in the city of Juiz de Fora. In this way, it is possible to identify a specific person within a group. In other words, you make the person identifiable through the data you have.”

The law also addresses the definition of processing: any operation carried out with personal data.

These operations may be collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, elimination, evaluation or control of information, modification, communication, transfer, dissemination and extraction.

What does the General Data Protection Law change for companies?
Firstly, it is necessary to understand that the LGPD aims to ensure that user data is respected and that it is not exposed to risks of leakage or misuse of personal information.

Therefore, both companies and professionals who process data must adapt to the changes, creating a culture that values data protection, the need to adapt technologies and train their teams.

The lawyer emphasizes that:

“In addition, it is important to remember that companies need to implement and disseminate a privacy and security policy, making it clear to the consumer what data will be protected, how it will be used and how long it will be stored.”

Another point of attention is work and employment relationships, which must also have their data protected.

The company holds the information of its employees. Therefore, it must also ensure that the LGPD protects its employees' data.

Organizations need to take care of the personal data that enters the company from the moment a CV is received, throughout the duration of the employment or service provision contract until termination.

Therefore, resumes, personal information, images and biometrics are data that must be protected by the hiring company.

How to implement the General Data Protection Law in my company?
According to Jonas Inácio, there is no manual or step-by-step guide to implementing this law in companies.

However, according to the law, there are two stages of adaptation. They are:

Technological stage:
This phase is also called information security. It consists of adopting technology to help secure the information and data that the company has. This way, it is possible to avoid virtual attacks, data loss and system failures.

Legal stage:
During the legal stage, a mapping of all the company's data processing activities is carried out, identifying all data subjects involved, the types of information and the flow of information within the organization.

In practice, when an organization receives a lead, it will need to identify the way in which that lead came in, such as a landing page or outbound prospecting , for example.

It is also important to record which sector this data was passed on to and, thus, draw up a map of the path this information took within the company.

After mapping, it is necessary to determine the legal basis that justifies the processing of data in each activity (a sale or pre-sale, for example) and define the time it will remain within the company.