The Brazilian Data Protection Law (LGPD - Lei Geral de Proteção de Dados) emerged a long time ago and has since drawn attention from numerous professionals. However, it is not uncommon to find websites and companies that ignore it, as they seek time to adapt. In this regard, how long can we ignore LGPD?
Well, it is no longer possible to ignore it. This has been a reality since its approval. Furthermore, it has been enforced since 2021.
With that in mind, it has been several years since this law was introduced, which leaves no excuse for ignoring it. Moreover, ignorance of the law can bring significant consequences, like fines.
Therefore, the clock is ticking against those who have chosen to postpone the necessary adaptations imposed by LGPD. It is time to change your stance. How and why to do so will be explained below.
##But what exactly does LGPD require?
LGPD is often mentioned, yet little is said about its actual requirements. However, it has become essential for online users and website owners to understand what it entails.
Only then can the true importance of this law be comprehended. But don't worry, we won't use legal jargon to explain it to you.
The LGPD is a nationwide regulation that came into effect in 2020. Many expected it to be implemented later, as there were speculations about its postponement, as seen before.
However, that did not happen. In other words, LGPD has been a reality since 2020 and requires attention. Many believe that it only applies to companies and their websites. However, it governs how all legal entities, including companies, governments, NGOs, associations, churches, and various other organizations, handle the data of the country's citizens.
It is worth noting that LGPD and all other privacy regulations do not only focus on digital data but encompass all types of data. Therefore, how a company handles an email provided on a website or on a clipboard matters! Similarly, this extends the care to not only the website's servers but also to files, cabinets, and notebooks that "store" such data.
In summary, all processes in your company that involve personal data in their workflows must be reevaluated and adapted.
Assuming that you already understand that every time you visit a website or take an online action, both your browser will record signals and the website will receive information about you. Let's reinforce that this cannot happen indiscriminately, right? That is precisely what the General Data Protection Law addresses. It ensures limitations on the use of personal data, whether on websites or any other environments.
(If you haven't grasped that we are talking about Internet Cookies, read about them here before proceeding.)
With this, the law aims to protect users' privacy and intimacy. It also ensures that they have a better understanding of how their data is used and the security measures taken by the company that has access to that information.
But it doesn't stop there. LGPD also introduces data classification concepts and specific safeguards regarding data breaches and handling.
Ultimately, this law aims to promote transparency between websites and users. It imposes measures that can ensure their security. Therefore, in summary, it establishes four crucial points regarding data protection:
##Tic Tac: There's no more time to ignore LGPD, see the consequences of doing so It should be clear to you by now that LGPD has brought forth a series of important issues that completely impact the way companies operate.
Now, bringing it into the digital environment we are currently in, it becomes even more crucial for companies to demonstrate transparency to their visitors and strictly adhere to authorizations and policies.
Although the law granted a transition period for companies until August 2021, that deadline has already passed. In other words, the application of penalties and fines under the General Data Protection Law is now possible for websites that fail to comply with its guidelines.
Therefore, if your website still doesn't have clear privacy policies, in the case of cookie usage, or a cookie banner that respects personalized authorizations, it is at risk.
The penalties under LGPD are quite severe and include warnings (less severe) and fines. For non-compliance, the fine can be up to 2% of the company's annual revenue (with a maximum calculation base of R$ 50 million). Additionally, there are possibilities of sanctions that can block a company's database until they regularize their operations.
In this sense, continuing to ignore the law that regulates data security and protection is shooting yourself in the foot for your company.
By doing so, you put your website and your company at risk. Even in the best-case scenario of receiving only a warning, persisting in the error will affect your finances and the image of your website, as well as access to data that is crucial for your activities.
##How to adapt to LGPD and avoid problems with the law? Ignoring LGPD is no longer an option since the deadline for compliance with the law has passed.
As we are currently in the digital environment, let's focus on how to help you in this process. After all, many companies nowadays have a significant portion of their processes and operations in the digital realm. Such as e-commerce, digital agencies, product launches, info product creators, startups, and more.
All the examples mentioned above rely on the use of personal data for marketing automation, landing pages, various tracking pixels with remarketing cookies, media campaigns, and so on.
In short, it is impossible to continue ignoring this law. But how can you put it into practice? Don't worry, we have prepared a basic step-by-step guide with some essential principles.
Remember, LGPD is not just a checkbox on your website; it involves a change in processes and a culture focused on privacy. So, below are some tips. If you take them seriously, you will find some valuable further guidance at the end. (Some people are charging a lot for the information we provide here for free - you're welcome!)Info
#ImportantInfo
##Plan your Compliance, "Know Your Mess."
First and foremost, it's impossible to talk about LGPD compliance without a plan. What does that mean? Understand that you'll never feel confident in what you're doing if you don't know where the data is, where it comes from, where it goes, who processes and uses it. Therefore, you need a Data Mapping, here's an article that will help you understand what it is and how to create one.
You know when you're at the grocery store and you see a product out of place? It's kind of bizarre, right? It gives us an uncomfortable feeling, as they would say in the South of Brazil. So, seriously, dedicate some time to this, and you'll see that all the other steps will be simplified. You don't want to find a toothbrush in your sock drawer when the Regulatory Agency comes knocking at your door.
##Work on a privacy policy.
First and foremost, it's impossible to put LGPD respect into practice without developing a privacy policy. It provides comprehensive information on how the company collects data, how it uses it, with whom it shares it, its usage deadlines, and other details.
Likewise, it clarifies how data is stored and what precautions are taken to ensure security against leaks, for example. So, remember to use clear and accessible language and address all relevant points in detail.
What's the basis for writing a good policy? Guess what! Your Data Mapping from the previous point. So, don't skip the previous step, trust us!
Here's an article to help you with the privacy policy.
##Use a cookie banner and configuration tool.
Remember that we're talking about digital companies, right? These companies have a very peculiar characteristic: the entry points for data are usually all digital. Therefore, it's much easier for us to control what goes through them! And even better, with the use of technology!
That's why your Cookie Banner or CMP - Consent Management Platform, when properly implemented, becomes practically a "Pareto of Compliance," those 20% of effort that solve 80% of the problems.
In other words, make sure your website has an appropriate cookie banner that helps you organize data from the moment of entry. The cookie banner won't be your silver bullet, but it will be an excellent start to keep things in order over time.
Here's an article for you to better understand how an LGPD cookie banner works.
For that, rely on Adopt. Our team consists of experienced professionals in the market who provide all the assistance you need. Here, we help you choose a cookie banner for your website.
##Be cautious with information security.
Another important point for adapting your company and website to the Data Protection Law is to increase the focus on information security. Companies have always been responsible for leaked data, but now even more so! Therefore, let's work hard to prevent any leaks or resulting damages that can have serious consequences for companies and the individuals whose data is exposed.
Therefore, highlight the risks of leaks and security in your data mapping. Once again, dedicate time to these security criteria and processes. You won't regret having them mapped and controlled because, in times of chaos, the best feeling is knowing that you are prepared and know what to do!
##Be cautious with marketing actions.
Finally, also apply your care in applying LGPD to your marketing actions. After all, it's necessary to strictly adhere to using communications and campaigns only to those who have authorized their receipt, as well as other flows that are triggered through the use of personal data.
Here's another interesting article for you: 10 Marketing Processes You Need to Reconsider under LGPD.
As mentioned before, these are just a few steps. If you want to delve deeper into compliance topics, the next article for you is here.
Want to understand why there are cookie banners on every website you visit today? This article is for you!
What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!
Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.
Here is a step-by-step explanation of how consent registration works in AdOpt.
The WordPress platform powers nearly 450 million websites globally, and it's estimated that 50% of Brazilian websites are on this platform. We are ready to help you, WP lovers!
Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD, DPDPA, CCPA and more...
How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.
Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.
Understanding the General Data Protection Regulation (GDPR) and its impact on cookies is essential. So, let's break it down, step by step.
In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).
Every day, millions of users generate data on the web, which is used by companies around the globe to improve their offerings. Therefore, in 2018, a law was created to regulate the use of personal data by companies, and this directly impacts digital marketing. We're talking about LGPD.
Sad, but this story is more real than you think. It all started with a "surprise" fine. Ever imagined everything crumbling around you? All because of a fine, an invoice that came "out of nowhere"? Your bank account, clients, your job, your car loan, marriage...
Those who do not operate in accordance with LGPD's provisions risk facing penalties ranging from warnings to the suspension of their website, databases, and hefty fines.
Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.
It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.
A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes.
Google Consent Mode (GCM) is nothing more than a way for you to integrate the consent you collect from your visitors into Google technologies. In this way, upon receiving this consent information, collection can only occur with authorization, thus complying with the legislation and having direct evidence of compliance as defense for both you and Google.
Con le leggi sulla privacy che fioriscono in tutto il mondo, Google (Alphabet) si è finalmente trovata obbligata ad adattare i suoi strumenti per essere conformi alle nuove normative come GDPR, LGPD, CCPA, PIPEDA, DPDPA, ecc.
Con la proliferación de leyes de privacidad en todo el mundo, Google (Alphabet) finalmente se ha visto obligado a ajustar sus herramientas para cumplir con nuevas legislaciones como el GDPR, LGPD, CCPA, PIPEDA, DPDPA, entre otras.
At the beginning of everything are the legal bases of the LGPD, that is, the legal grounds (legitimate reasons) why companies not only can, but must access customer data in order to do their jobs well.
Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?
Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular website? Want to delete all cookies from a specific service or site?
In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.
In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.
While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.
AdOpt
Resources
Legal Terms
© GO ADOPT, LLC since 2020 • Made by people who love
🍪