Rights of data subjects from the point of view of the LGPD
The General Data Protection Law (LGPD) came into force in Brazil in September 2020, yet even in 2022, 84% of companies in the country did not feel prepared to comply with it, according to research released by ICTS Protiviti.
The law granted several rights to data subjects, that is, all Brazilian citizens, who watch some of these companies fail to take the necessary precautions to protect this information or even act improperly in their use of the personal data entrusted to them.
All of these rights are important, but access to personal data can be considered one of the most significant, as it lets data subjects know which of their information is being collected and processed, and for what purposes. This gives more transparency to the process and enables the data subject to make informed decisions about the use of personal data.
The right to portability is also very relevant in this scenario. It can be used, for example, when a data subject is treated at a health institution and wants to take their medical data to another institution, so that whoever treats them there knows their medical history.
Other rights gained with the LGPD are: correction of incomplete, inaccurate or outdated data; deletion of data that is unnecessary, excessive or processed in violation of the LGPD; information about the use of personal data; revocation of consent for data processing; the right to be informed about data sharing with third parties; and the right not to be discriminated against for exercising these rights.
If data subjects have these guarantees on the one hand, on the other it is worth asking how companies go about fulfilling their duties towards data subjects and the LGPD. They must inform data subjects about the use of their personal data, request consent for the processing of this information and respect data subjects' preferences and choices regarding the use of these assets.
Organizations that manage to carry out data governance, that is, to map, analyze and formalize the entire database and also apply technological solutions to receive requests from data subjects, will be in compliance with the LGPD.
Otherwise, they may face various sanctions and penalties from the National Data Protection Authority (ANPD), which can range from warnings, through simple daily fines, to partial suspension of the database's operation, which is even more serious than the financial penalties.
However, many Brazilians do not know that they have these rights. Therefore, it is important to inform yourself through reliable sources, such as the websites and social networks of government and non-governmental organizations, as well as through reliable means of communication. Companies, for their part, should inform their customers about these rights and how to exercise them, whether through formal or informal requests, in communications on their websites and at public service locations. In this way, the institution can prove when it received such requests, how it responded and how long it took to respond.
Being in compliance with the LGPD means not only guaranteeing protection against data leaks caused by cybercriminals, but also ensuring that data subjects have full power and knowledge over their information.