Protecting personal data has become a fundamental issue in the digital age, leading to the implementation of regulations worldwide to ensure individuals' privacy and security. Two of the most well-known and comprehensive regulations in this regard are the General Data Protection Law (LGPD) of Brazil and the General Data Protection Regulation (GDPR) of the European Union. After all, they cover vast populations in their territories, consequently resonating beyond their borders.
However, while both aim to protect individuals' rights regarding the processing of their personal data, there are some important differences between them.
The first significant difference between LGPD and GDPR lies in their geographical application. GDPR applies to all European Union (EU) member countries and also to companies outside the EU that process data of EU individuals.
On the other hand, LGPD applies to all organizations processing personal data in Brazil, regardless of their geographical location. This means that both Brazilian and foreign companies dealing with personal data of Brazilian individuals must comply with LGPD provisions. Hence the importance of transparency in international data transfers.
Another significant difference is the size of the fines for non-compliance. Under GDPR, fines can reach up to 20 million euros or 4% of the company's global turnover, whichever is higher. Meanwhile, LGPD establishes fines that can go up to 2% of the company's revenue in Brazil, capped at 50 million Brazilian reais per infringement.
It's important to note that these values represent maximum penalties, and the severity of the infringement and the organization's financial capacity are considered when determining the fine. Another point is that the fine is per infringement, meaning that 1 citizen who has their data compromised equals 1 infringement. How many infringements would be counted for a database with thousands or millions of records?
The definition of sensitive data also differs between the two regulations. While GDPR includes specific categories of data such as race, ethnic origin, political opinions, religious beliefs, health, sexual orientation, among others, LGPD goes further and also includes biometric and genetic information as sensitive data.
This broadening of the definition of sensitive data in LGPD reflects the concern to protect even more sensitive personal information and ensure that it is processed with due care.
Consent for data processing is another aspect that differs between GDPR and LGPD. Under GDPR, consent must be explicit, specific, and freely given by the individual. In contrast, LGPD requires unequivocal consent, provided through a statement or other affirmative action by the data subject.
Both regulations emphasize the importance of informed and free consent, ensuring that individuals have control over how their personal data is used.
However, you might wonder: isn't that the same thing, just worded differently?
Although both regulations emphasize the importance of consent, there are subtle differences in how they approach it.
According to GDPR, consent must be explicit, meaning it must be given through a clear and specific affirmative action by the individual. This implies that consent cannot be presumed or obtained through omission or pre-selection. Furthermore, consent must be specific, clearly indicating the purpose for which the data will be processed. It must also be freely given, meaning the individual must have the freedom to choose to consent or not, without suffering pressure or coercion.
On the other hand, LGPD requires unequivocal consent, which means that consent must be clear and indisputable. It must be provided through a statement or other affirmative action by the data subject, indicating their agreement to process the data for a specific purpose. LGPD does not use the term "explicit" like GDPR but requires consent to be unequivocal, meaning it leaves no doubts or ambiguities.
Although the nomenclature and words used to describe consent may vary between the two regulations, the differences go beyond that. GDPR sets specific requirements for explicit consent, while LGPD emphasizes the need for unequivocal consent.
These differences reflect the distinct approaches taken by each regulation, although both aim to protect individuals' rights and privacy regarding the processing of their personal data.
Another relevant point is the appointment of a Data Protection Officer (DPO). Under GDPR, some organizations are required to appoint a DPO to oversee compliance with the regulation and act as a point of contact for data protection issues. This obligation applies to organizations that carry out large-scale systematic monitoring of personal data or process special categories of data, such as data related to health or ethnic origin.
In contrast, LGPD, while not requiring the appointment of a Data Protection Officer, recommends that companies designate a professional responsible for dealing with privacy and data protection issues. Ultimately, the company's managing partner would already be responsible for this aspect.
Regarding the impact of internet cookies, both GDPR and LGPD address the issue similarly. Cookies are small text files stored on users' devices when they visit a website. They play a crucial role in personalizing the online experience but can also collect personal information. Both regulations require websites to obtain user consent before storing or accessing cookies that collect personal data.
GDPR establishes that consent must be obtained through a clear affirmative action, such as checking a checkbox or clicking a button. Additionally, users must be informed about which cookies will be stored, for what purpose, and for how long. They also have the right to withdraw their consent at any time.
LGPD follows a similar approach, requiring websites to obtain prior and unequivocal consent from users before using cookies that collect personal data. Users must be informed about the purpose of the cookies, as well as the option to refuse or revoke consent. Moreover, LGPD also provides users with the right to access, correct, and delete their personal data collected through cookies.
Therefore, both GDPR and LGPD aim to ensure that users have control over their personal data, including data collected through cookies. Companies operating in both the European Union and Brazil must be aware of the provisions of these regulations and take appropriate measures to ensure compliance.
In summary, GDPR and LGPD are comprehensive data protection regulations aimed at protecting individuals' rights and privacy. Although there are differences in their geographical applications, fines for non-compliance, definitions of sensitive data, and consent requirements, both share the goal of promoting transparency, control, and security in data processing.
The impact of internet cookies is significant for companies that must comply with both GDPR and LGPD. Cookies are widely used to track user behavior, personalize ads, and enhance the browsing experience. However, they also raise concerns regarding privacy and the protection of personal data.
For companies operating in compliance with both regulations, it is crucial to ensure that cookies are set up and used in accordance with consent and transparency requirements established by the regulations. This entails obtaining explicit consent from users before activating cookies and providing clear information about the types of cookies used, their purpose, and storage duration. Additionally, companies should allow users to opt out of accepting cookies or easily manage their cookie preferences.
Non-compliance with provisions related to cookies can result in substantial fines, as well as loss of user trust and damage to the company's reputation. Therefore, it is essential for companies to be vigilant about the obligations imposed by both GDPR and LGPD regarding internet cookies.
To ensure compliance with GDPR and LGPD regarding cookies, companies should take the following measures:
Preference Management: Companies should offer users clear options to manage their cookie preferences. This may include the ability to accept or reject specific categories of cookies or revoke previously given consent.
Data Security: Companies should implement adequate security measures to protect personal data collected through cookies. This includes safeguarding this information against unauthorized access, misuse, or disclosure.
User Rights: Companies must respect users' rights regarding their personal data, as established in GDPR and LGPD. This includes the right to access, correct, update, or delete data collected through cookies.
By adopting these measures, companies can ensure they are acting in compliance with data protection regulations and demonstrating their commitment to user privacy and security.
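The prior-consent, per-category preference and revocation measures above, sketched as an added example (not AdOpt's code and not part of the original article). The cookie names, categories, the `personalData` flag and the in-memory jar are assumptions; in a browser the jar would wrap `document.cookie`.

```javascript
// Constructed sample declarations: every cookie the site may set, with the
// purpose and duration that must be disclosed to the user.
const REGISTRY = {
  lang:    { category: "preferences", personalData: false, purpose: "remember UI language", days: 365 },
  _visits: { category: "analytics",   personalData: true,  purpose: "count page views",     days: 180 },
  ad_id:   { category: "marketing",   personalData: true,  purpose: "personalize ads",      days: 90 },
};

class ConsentGate {
  constructor(registry, jar = new Map()) {
    this.registry = registry;
    this.jar = jar;           // stands in for the browser cookie store
    this.consent = new Map(); // category -> ISO timestamp of the affirmative action
    this.log = [];            // audit trail of grant/revoke events
  }
  // Call only from an explicit user action (a click, a box the user ticked).
  // Nothing is pre-selected: the consent map starts empty.
  grant(category, when = new Date()) {
    this.consent.set(category, when.toISOString());
    this.log.push({ action: "grant", category, at: when.toISOString() });
  }
  // Withdrawal removes the consent and deletes the cookies that depended on it.
  revoke(category, when = new Date()) {
    this.consent.delete(category);
    for (const name of [...this.jar.keys()]) {
      const decl = this.registry[name];
      if (decl.category === category && decl.personalData) this.jar.delete(name);
    }
    this.log.push({ action: "revoke", category, at: when.toISOString() });
  }
  // Refuses undeclared cookies, and personal-data cookies without prior consent.
  set(name, value) {
    const decl = this.registry[name];
    if (!decl) return false;
    if (decl.personalData && !this.consent.has(decl.category)) return false;
    this.jar.set(name, { value, maxAgeSeconds: decl.days * 86400 });
    return true;
  }
  // What the banner shows: each cookie, its category, purpose and duration.
  disclosure() {
    return Object.entries(this.registry).map(([name, d]) => ({ name, ...d }));
  }
}
```

Routing every cookie write through `set` means a tag that fires before the banner is answered cannot store a personal-data cookie, and the `log` array gives a record of when each consent was given or withdrawn.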
© AdOpt since 2020 • Made by people who love🍪