GDPR - Compliance

Cambridge Analytica Case

A psychological test by Cambridge professor Aleksandr Kogan and produced by Global Science Research was responsible for collecting personal data from millions of test takers and their friends on the social network Facebook.

The data collection scheme was due to a breach of Facebook’s terms and conditions that said no data collected by the social network could be sold, but did not apply the same restriction to applications that used the social network, as was the case with this psychological test.

What is GDPR?

General Data Protection Regulation – GDPR
Law no. 13,709 of August 14, 2018 and Provisional Measure no. 869 of 12/27/2018.

Sanctioned to increase the privacy of personal data and the power of regulators to oversee organizations; It creates clear rules about processes for collecting, storing and sharing information.

TO WHOM DOES IT APPLY?

GDPR applies to any person – natural or legal – governed by public or private law who performs the processing of personal data, that is, performs activities that use such data (collection, storage, sharing, deletion…) including in digital media. It also extends to a company’s subcontractors such as: technology suppliers and partners

WHEN WILL IT COME INTO FORCE?

August 2020

WHAT ARE THE MAIN POINTS?

Personal Data Protection

Project includes People, Process, Technology and Legal

Compliance with good practices

Compliance of current maturity with best practices Best practices: ISO 27001 | ISO 27002 | ISO 27004 | ISO 27005 | ISO 27014 | ISO 27701|ISO 29100 |ISO 29134 | ISO 29151 | ISO 27032 | ISO 31000

PENALTIES

The law establishes the penalties applicable to non-compliance with the rules set forth therein, ranging from warning to fines (which may be daily) of up to 2% (two percent) of the company’s revenues up to the limit of R$ 50 million for infringement.