When it comes to data protection, Brazil is still taking its first steps. However, they are firm and very important steps. If we were to compare legislation to a child, in the coming days we would have a party, cake and brigadeiro: on September 18, four years of the General Data Protection Law come into effect, the LGPD (Law 13.709/2018)
Just four letters, but that brought so many impacts – positives, by the way! In recent years, the theme "data protection" has gained relevance in Brazil and has been discussed in the media, in the corporate environment and among society in general. However, in many countries, information security is a reality that existed even before the internet became established as a tool for work and entertainment
That is to say, Brazilian thought, individual and corporate, is still crawling, while the European already enjoys the maturity of this culture. After all, in 1981, in Europe, the International Data Protection Treaty was born, document that later became the basis for other regulations
It has been four years since the LGPD came into effect in Brazil, and a portion of companies have sought the necessary tools to comply with the law and avoid liabilities and issues when it comes to data protection. Before that, however, the vast majority ignored the issue and did not have established policies that provided an acceptable level of security for personal information
However, even after so much debate and so many negative episodes, there is still a significant number of corporations that have not implemented any technical and administrative measures, how the security policy adapts to the LGPD. Chose to take risks, neglecting your database and your client portfolio. A survey by the Daryus Group showed that 80% of Brazilian companies are still not fully compliant with the LGPD – 35% stated they are partially adequate and 24% are in the initial phase of adequacy
The National Data Protection Authority (NDPA), autarchy responsible for regulating, to oversee and enforce the provisions set out in the legislation related to the protection of personal data, is active and attentive to the arbitrariness committed against data subjects. Contrary to what was thought until recently, the internet is not a lawless land
In many cases, what drives organizations to establish a data protection framework is the fear of the penalties and sanctions provided for in the LGPD, as well as to meet the contractual requirements. However, what should drive companies is the commitment to the safety of their customers and employees, not only the legislation. Furthermore, the information is extremely valuable for companies. It is through them that the habits and consumption patterns of their customers are known, enabling the anticipation of service and product offers or even correcting strategies
As people begin to understand that the protection of their personal data is a legally guaranteed right, criminals exploit the vulnerabilities of companies and systems to steal this information, once data is worth a lot of money in the black market. A survey by Cybersecurity Venture indicated that cyber crimes are expected to cause estimated losses of around $10,5 trillion, annually, by 2025
