News and information about the Hard Tech world

Data Protection Laws: Information Security and the impacts on organizations around the world

by: Inmetrics in

| May 1, 2019 at 12:42 pm

The similarity of the GDPR and LGPD (Brazilian law for data protection) surpasses spelling with four-letter acronyms. A pioneer in regulation and data protection, General Data Protection Regulation (GDPR) is the European law implemented in May 2018. Its purpose is to protect all EU citizens against privacy and data breaches.

In Latin America, Brazil is falling behind regulations for data protection. The General Data Protection Act (LGPD), enters into force in 2020, as of August, and was created to fix parameters of the same matter of the European law. In Chile, data protection legislation was enacted in 1999, and in Argentina in 2000. Countries like Colombia and Uruguay are also advanced when it comes to information security. Regardless of the location of the decree, laws indicate that data protection is a worldwide necessity and trend.


According to Wired, it was this year that the biggest data breach in history happened! Nicknamed “Collection # 1” the invasion hit nearly 800 million emails and passwords, totaling 2,692,818,238 lines from thousands of different sources. The invasion, which was reported by digital security expert Troy Hunt, presented more than 12,000 files, with 87 gigabytes of data, posted on a hacker forum. It involved 772,904,997 unique email addresses plus more than 21 million unique passwords, outpacing the hacks of Equifax and Yahoo leaks by an extremely significant margin.

Cases of information security breaches such as those reported by Hunt, Equifax and Yahoo, are more frequent than we imagine. Only in 2018 did Business Insider publish a list of the 21 largest reported breaches episodes ranked according to the number of users affected.

For the Brazilian organizations, with LGPD, in addition to adapting to a new reality of information security, knowing the legislation will be essential. No matter how distant it may seem, December 2020 is not a long term for all the obligations and responsibilities created by the LGPD to be met – there is enough to be done in order to adapt to the rules of the new Brazilian law.


Unlike the European reality, which implemented General Data Protection Regulation (GDPR) after creating a culture of discussion between organizations on the subject, the Brazilian market will not have much time until the new regulation. Even if behind closed doors, there is a rush and a business concern for an adaptation.

If information security, security breaches and LGPD are still distant themes for your company, keep in mind two essential steps for you to include in the backlog.

First step

It is necessary to know the legislation. The law makes some definitions very clear, such as:

  • Personal data is the information related to the person identified or identifiable;
  • Sensitive personal data is information of racial / ethnic, religious, political, philosophical, health, sexual, genetic or biometric origin;
  • Holder is the person to whom the personal data refer;
  • Controller is the person who makes decisions about the processing of personal data;
  • Operator is the person who treats personal data on behalf of the controller;
  • Treatment is the collection, processing, storage, disposal, among many others.

Second step

In order to assist in the education of information security, it is essential that companies have reliable partners, reviewing contracts, daily monitoring of the management of such information and being compliant the new rules.

Furthermore, make sure to stay compliant with privacy and security regulations, manage and control cyber threats effectively, ensure security and privacy across the digital chain (services, applications, data, infrastructures and terminals) and control the impacts of any security or data breach.

Even giants like Google, Microsoft and Facebook are not safe from security breaches that can expose the sensitive data of their users. Worried? To see if you have had your personal data stolen, click here. And if you still have doubts about whether your company is prepared to implement the new data protection law, get in contact with us.


Written by

Danilo BarsottiDiretor de Cybersecurity & Cloud Computing