LGPD
General Personal Data Protection Law (LGPD)
The General Personal Data Protection Law (LGPD), Law No. 13,709/2018, was enacted to protect the fundamental rights of freedom and privacy, and the free formation of each individual's personality. The Law talks about the processing of personal data, available in physical or digital media, carried out by an individual or legal entity under public or private law, encompassing a wide range of operations that can occur in manual or digital means.
Within the scope of the LGPD, the processing of personal data can be carried out by two processing agents – the Controller and the Operator. In addition to them, there is the figure of the Person in Charge, who is the person appointed by the Controller to act as a communication channel between the Controller, the Operator, the data subjects and the National Data Protection Authority (ANPD).
A fundamental theme addressed by the Law, data processing refers to any activity that uses personal data in the execution of its operation, such as, for example, collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
Before initiating any type of processing of personal data, the agent must make sure that the purpose of the operation is clearly and explicitly recorded, and that the purposes specified and informed to the data subject. In the case of the public sector, the main purpose of the processing is related to the execution of public policies, duly provided for by law, regulations or supported by contracts, agreements or similar instruments.