LGPD
General Law of Private Data Protection
About LGPD
The General Law of Personal Data Protection (LGPD), under number 13,709 / 2018, entered into force as of September 18, 2020, but its sanctions (penalties) come into effect as of August 1, 2021, for validity of Law No. 14.010 / 2020.
Regulates the use, protection and transfer of personal data processed within the Brazilian territory, with the aim of regulating the processing of said data in order to protect the fundamental rights of freedom and privacy. One of the main influences in the creation of the LGPD is the GDPR (General Data Protection Regulation), the data protection law that regulates the subject for the European Union. The GDPR is the most significant recent legislation on data protection, which has come to serve as a model for many other countries to adopt similar provisions or reinforce pre-existing policies.
Who does the LGPD apply to? The Law applies to any person, natural or legal (public or private) that processes personal data, including those collected before the start of their obligation. LGPD has an application called offshore. This means that LGPD applies regardless of the location of the headquarters, or the location where the data is processed. In this case, the law is applicable to companies and organizations that process personal data of Brazilian citizens, regardless of the physical location of the company.
Actors and roles
There are four types of agents with specific roles and responsibilities, according to the LGPD: the controller, the operator, the owner and the person in charge.
Controller:
It is the company / organization that makes the decisions regarding personal data, which defines when and how the data will be collected, for what purposes it will be used, where and for how long it will be stored. According to the commercial rule of Secullum, the client who contracts the software service has the role of data controller.
Operator:
It is the company / organization that carries out the processing of personal data under the orders of the controller. The operator does not make decisions about the use of the data. Within our business rule, Secullum and the distributor have the role of operator.
Owner:
It is the natural person to whom the personal data refers. It could be, for example, an employee of a company that has purchased the Secullum software.
In charge:
It is the natural person designated by the controller, who acts as a communication channel between the parties (data controller, owners and national authority) and guides the controller's employees on data processing practices.
ABOUT COMPANY´S COMMITMENT
Secullum is committed to supporting its clients in complying with the law and has taken steps to ensure compliance with the law within an appropriate period. Tuning of our solutions has already been done on various products and modules. See our page on solutions affected by this legal requirement and learn more. See some examples in which our solutions handle personal data:
- Secullum - billing of utility bills;
- Time and attendance solutions: contact details, curriculum vitae;
- Time and attendance solutions: payroll, benefits;
- Access and security solutions: biometric registration, third party registration;
ACTIONS THAT TYPIFIES PERSONAL DATA PROCESSING:
What can be considered data processing? Data processing is any operation carried out with data, from collection to disposal. The LGPD stipulates rules for any action for the processing of personal data: such as collecting, classifying, using, sharing, reproducing, processing, archiving, storing, etc.
WHAT IS CONSIDERED PERSONAL DATA
It is all the information (or set of information) related to an identified or identifiable natural person. It is important to highlight that the definition of personal data has a segmentation: sensitive personal data, characterized as all the information (or set of information) that can give rise to discriminatory practices. Sensitive personal data has greater protection in the LGPD. See some examples and understand the difference:
PERSONAL DATA OWNER RIGHTS
The interested party is any natural person whose data is processed by companies and organizations. The LGPD grants the owner the broad right to information, access, rectification and deletion of data, as well as the withdrawal of consent for the use and treatment of said data previously provided. In practice, the change increases the transparency and control of the interested party over the use of their data.
CONSENT TERM OF DATA USAGE
For the data of a person to be processed by companies and organizations, the LGPD provides for the request for the woner´s consent. Therefore, it is essential to understand the importance of the consent term and its impact on some processe´s flow. For further information, see the documentation for the Consent Term for data usage.
CONSENT TERM AND PRIVACY POLICY
Secullum Software is committed to protecting your personal data and takes the necessary measures to ensure the security, integrity and reliability of your personal data. You can request the deletion of your personal data here through this e-mail lgpd@secullum.com.br