You may have seen the option to accept or reject cookies when you visit a website. Or perhaps you’ve received a marketing email from a store or brand with the following sentence at the end: “Do you wish to unsubscribe from these emails?”. These are just some of the situations in which the General Data Protection Act is present in interactions between companies and consumers.
In general, the law was passed to protect personal data, which is constantly requested and stored by companies and institutions, from the simplest and most mundane information, such as telephone numbers and e-mail addresses registered on websites, to the most comprehensive, such as ID, CPF and sensitive data, such as biometrics, racial origin, etc. The law has basic principles that also govern the collection of this data, requiring the organization to present a purpose, suitability and need for collecting it.
Contrary to what many people think, the LGPD does not guarantee total privacy of this information, but the management and protection in your transactions. For consumer purposes, for example, such as marketing, the law allows the data provided to be used, provided there is prior consent from its owner and that the use falls within its other requirements.
How does the General Data Protection Law work from company to company?
In Business to Business integrations, i.e. business between companies, it is also necessary for the traffic of this data to be carried out in accordance with the law. But in order for this to happen, companies must establish ways to guarantee full control over the management of personal information shared within their B2B chain, and adopt actions that bring their activities into line with the rules laid down by law, such as reviewing their current database; creating or updating terms of use and privacy policies, and orienting and training the professionals involved in capturing and processing this information.
In practice, in addition to legal controls such as the confidentiality agreement, Scooto also brings transparency to the mapping of the operation, defining which data will be accessed and the purpose for working with it. Auditable tools and access controls, such as two-factor authentication, even IP and facial or voice recognition, are also monitoring actions adopted to guarantee the protection of our clients’ sensitive information.