LGPD draws great inspiration from GDPR and CCPA, but there are two differences:
- Some anonymous data may be protected as “personal data” when used for profiling. Generally, anonymous data is exempt from LGPD; however, Article 12 states that it may be deemed “personal data” when it is used to enhance, build upon or create behavioral profiles about individuals.
- There are no incentives for data controllers to pseudonymize data. Pseudonymization is addressed under Article 13, which encourages public health research bodies to anonymize or pseudonymize health data.
So what do we do?
How do we comply with these new laws without killing the productivity of our company?
It’s time to use what we learned from GDPR.
Consider how we fared when GDPR came into effect. Gartner finds that businesses face the following challenges due to growing privacy laws:
- Global businesses are faced with new privacy compliance mandates within each major market.
- New and jurisdiction-specific privacy requirements are often addressed by costly independent projects with different approaches and levels of rigor.
- Ongoing monitoring efforts lack proactive and shared risk management plans, leading to redundant work and higher cost.
GDPR came into force on May 25th, 2018, meaning the 6 month-iversary was just a few weeks ago. You’d expect all businesses to have achieved compliance in this time frame; however, a TrustArc study reports that by the end of 2018, only 76% of EU, 76% of U.K., and 68% of U.S. businesses will be fully compliant.
So why are the expected compliance numbers so low? Well, it seems that many businesses have tried to adopt legacy solutions. These have proven ineffective because information is spread too widely. A poll done by Citrix found that the average large UK business was reliant on 24 systems to manage and store personal data, with 21% using over 40 systems to do so. This kind of data sprawl can make compliance extremely difficult: knowledge about the location of customer information is limited, and accessing and distributing this data to customers who request it can be a lengthy and expensive task.
Continuous compliance is key for a business to thrive in the new consumer privacy landscape. Businesses need a solid foundation to build upon, one that enforces and facilitates privacy compliance policies. They need the next-gen solution: an all-in-one platform that strictly governs the security of the data, who can access it, and how it is distributed.
As we learned with GDPR, LGPD is all or nothing, and it is best that organizations adopt proactive practices that cover all LGPD provisions, not just a subset. Businesses need user-enabled, governance-enabled, up-to-date security for every data point, every time.
Ask us how Data443’s latest Privacy Manager™, ClassiDocs™, and ARALOC™ can support you!
#LGPDNoFear
