LGPD: How to comply with the 10 privacy principles

After two years of waiting, the General Data Protection Law (LGPD) will finally come into force in Brazil. The law aims to regulate the processing of personal data, mainly ensuring the security, transparency, and integrity of the data provided.

Since its announcement, companies have widely discussed how to adapt to the rules the law establishes, because it has an enormous impact on how they process data, build their communication strategies, and protect personal data effectively.

Companies that have not yet adapted to the LGPD are subject to fines of R$ 50 million, which would bring huge losses to any company.

If you have not adapted your company yet and want to make up for lost ground as soon as possible, this article presents the 10 privacy principles you need to follow to comply with the LGPD:

10 Privacy Principles

Before you put measures in place to bring your company into compliance, it is important to know the 10 privacy principles that the LGPD requires companies to follow:

  1. Purpose limitation principle: inform the user of the purpose for which their data is collected.
  2. Adequacy principle: the data must be processed in a way that is consistent with the purpose that was communicated to the holder.
  3. Necessity principle: request only the information necessary to fulfill that purpose.
  4. Free access principle: assure personal data holders that they can know how, and for how long, their data will be used.
  5. Quality of data principle: the company is responsible for the quality of the data provided.
  6. Transparency principle: the user must receive a notice with a detailed list of how their personal data can be used.
  7. Security principle: a company must have a means to ensure that only authorized people have access to such data.
  8. Prevention principle: data cannot be shared with other companies or people not authorized to process it.
  9. Non-discrimination principle: data cannot be used for illegal purposes.
  10. Accountability principle: it is necessary to have the term that ensures the 10 principles are being followed.

How to Ensure that the 10 Principles are Followed

To ensure the integrity of personal data, your information security team must contribute a lot, since fully protecting personal data requires the company to have efficient privileged access control: one that allows only authorized people to access the information, ensures security against any internal or external threat, and records every action taken on personal data.

A good way to solve this effectively is by hiring a PAM solution. A good PAM solution manages all the points you need to pay attention to, ensures internal and external security, and even records all actions performed within the databases.

About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.