With 10 articles and 65 chapters, the General Data Protection Law, or LGPD, was sanctioned by Michel Temer in August 2018 and represents a legal framework for the protection, processing and use of personal data. The legislation determines how personal information must be treated by institutions and companies, whether in the public or the private sector (Law nº 13.709).
This set of laws is already in force in European Union countries and affects Brazilian companies doing business abroad.
It is important to point out that “personal data” is defined as any type of information related to an individual that can, alone or in conjunction with other data, define their identity.
Some examples that fit this definition are:
Furthermore, the law places Brazil on an equal footing with many other countries that already have well-defined rules on the subject. It also represents an important cultural change. After all, all internet users will be encouraged to pay greater attention to the way their personal information is being used by third parties.
For companies that work with digital campaigns, understanding the law is essential to avoid damage to their image and even legal punishments. By strengthening users' rights over their own information, the LGPD forces companies to demonstrate good faith and transparency in the way they collect and use data.
With regard to data collection, a user's first point of contact with an institution or company is through the institutional website or blog. In these environments, it is essential to ensure adequacy in the seven main areas that the law brings to us. See below what they are:
One of the most important pages on an institutional website is the contact page. Generally, this is where a name, an email address and an optional message are collected so that an interested party can contact the company in question.
These are examples of personal data that should only be used with the user's consent. The website must make clear to users what rights they have to access, rectify or even disable the use of their information, and make the following changes:
The collection of sensitive data (race, religious or political beliefs, sexual orientation) that could result in damage to a person's reputation, financial loss or major social disadvantage must be carried out with caution to avoid the imposition of fines or sanctions.
It is also necessary to create a policy for regularly deleting this data, especially if, at some point, it is stored offline or on legacy servers (in the company's ERP or CRM, for example). This policy must be documented along with the data handling and retention process.
Sending marketing information is a practice that returns great results for companies and is one of the items that we should pay the most attention to at this time. Users must consent to receive these materials, and acceptance must be given freely. Remember that consent fields must not be filled out in advance.
One of the premises of the LGPD is to make the purpose of capturing their data clear to the user; this is no different for newsletters. Therefore, each action must have specific consent. In this process it is allowed:
All communication sent subsequently (newsletters, promotions, notices, etc.) must contain a link so that the user can unsubscribe or update information.
It is also necessary to inform users that the data will be retained in the company's database until this cancellation or deletion is carried out.
Legislation that ensures the privacy of third-party data, such as the LGPD, was created to grant people specific rights in relation to electronic communications.
The use of cookies allows the website to recognize the device and information about the user's preferences and actions on the Internet. Furthermore, it is directly related to Google Analytics. For these reasons, it is important that the website owner:
In accordance with the General Data Protection Law, the agent has an obligation to keep user data secure.
In the event of a breach resulting in damage to the user's reputation, financial loss, compromise of confidentiality or major social disadvantage, the holder must notify the National Data Protection Authority. To ensure adequacy, some actions are essential:
Collecting data from minors is more sensitive, due to the inherent vulnerability of children. Another problem in processing this data is the difficulty of proving the veracity of the consent of legal guardians. Carry out a risk assessment to determine:
To avoid problems, consider offering services on the website that do not require collecting or processing data from underage third parties, such as a free game that does not require registration.
In low-risk situations, require a date of birth to be entered or create a checkbox that confirms the user's age of majority.
Even if entrepreneurs comply with the General Data Protection Law, it is necessary to create a policy for the continued use of information obtained from users on the institutional website and corporate blog, the companies' main points of contact with their audience.
We have updated our Data Processing Agreement
Dear user,
We would like to inform you that we have updated all of our services to ensure they comply with GDPR guidelines. And we've made some changes to our legal agreements that will apply to you.
These changes reaffirm the commitment of Bitrix24 to the highest data protection standards and compliance with all applicable laws and good practices, as well as safeguarding our users' data.
You do not need to take any further action in relation to the changes set out in this email if you have already accepted our Data Processing Agreement. Updates will be effective automatically starting September 17, 2020, and by continuing to use our service and access our features, you agree to the updated terms.
If you have not previously accepted our Data Processing Agreement, you may do so in your user account settings as described in our helpdesk article.
If you have questions about any of these changes or your account, please don't hesitate to contact our privacy team.
Thank you for using Bitrix24!
Best Regards,
Staff Bitrix24
(16 / 09 / 2020)
This page is for information purposes only; we do not provide legal advice, nor are we responsible for measures that may be adopted by third parties.