Companies that process personal data must take the necessary measures to secure this information.
In January 2021, data from more than 223 million Brazilians were megaleaked and were being sold by cybercriminals in internet forums. Among the information that became public, are the CPF number, vehicle data, registration in social programs and INSS (National Social Security Institute) benefits. The number exceeds that of the Brazilian population, as data on deceased people were also leaked.
More recently, both the Ministry of Health website and the Conect SUS platform, responsible for issuing Brazilians’ vaccination certificates, were the target of a hacker attack. Users were unable to access the information made available by the system, which resulted in delays in care for those who were in line for vaccinations in many states of the country. According to the group that claimed authorship of the attack, about 50 terabytes of data were copied.
These two situations show the fragility of our data protection system. It is increasingly common to come across news about leaks, and not only in Brazil, but on a global scale. Data became valuable assets, an exchange currency for the most diverse commercial transactions. And companies that process the personal data of customers, employees and partners must take the necessary measures to secure this information.
Brazilian General Data Protection Law (LGPD)
Following a global trend towards the protection of personal data, the Brazilian General Data Protection Law, or simply LGPD, establishes the necessary legal security for the processing of personal information by public and private companies. In force since August 2021, the new standard, among other things, guarantees the data subject the right to know how and for what purpose the company collects their personal information.
Although the many changes required by the law have frightened most businesspeople, they can also improve internal processes and even the company’s image before its customers.
By implementing the LGPD, companies will have to identify what types of data they have, where they are used, how they are collected, how long they are retained, for what purpose they are obtained and how they are shared. In this way, they will be able to identify and eliminate those data they do not need, thus reducing the risk of data breach, the consequences of which can be devastating for a brand’s reputation, with the loss of customers and the high costs for the companies affected.
As cyber attacks become more common, the LGPD offers the opportunity for companies to re-evaluate their data security strategy and implement the necessary changes to protect personal data. In addition, the presence of a Data Protection Officer (DPO) is also required, who will supervise all activities involving data processing within the company, ensuring compliance with the law.
Here at Pryor Global, the DPO Outsourcing sector ensures that our clients’ companies comply fully with the requirements of the General Data Protection Law. Contact us to find out how we can help you protect the data of employees, customers and business partners.