According to the Federal Data Processing Service (Serpro), in an attempt to bring more legal security to citizens in Brazil, the LGPD establishes:
It does not matter whether an organization's headquarters or data center are located in Brazil or abroad: if there is processing of content from people, Brazilian or not, who are in the national territory, the LGPD must be complied with.
International data sharing with agencies :
Sharing data with international organizations and other countries is permitted, provided that this occurs using secure protocols and/or to comply with legal requirements.
Consent :
The citizen's consent is the basis for personal data to be processed. There are, however, some exceptions.
It is possible to process data without consent if this is essential to:
Comply with a legal obligation;
Implement public policy provided for by law;
Carry out studies via a research body;
Execute contracts;
Defend rights in proceedings;
Preserve a person's life and physical integrity;
Supervise actions carried out by professionals in the brazil whatsapp data health or sanitation sectors;
Prevent fraud against the holder;
Protect credit;
Or meet a legitimate interest, which does not violate the fundamental rights of the citizen.Automation with authorization.
The law provides several guarantees to citizens, who can, for example, request that data be deleted, revoke consent and transfer data to another service provider.
Data processing must be carried out taking into account certain issues, such as purpose and need, which must be previously agreed upon and communicated to the citizen.
Impacts of LGPD on the Contact Center
According to Tactium's legal advisor, Patrícia Campos, companies, in general, will be able to continue to collect and process personal data.
“However, they must establish a specific purpose for the processing. In addition, they must take measures to protect this data – both technical (systems, software, etc.) and administrative (policies, training, etc.),” he states.
Regarding the main changes to the LGPD in the Contact Center, Patrícia states that they mainly concern the internal policies of each company, with the need to inform and train employees so that they can correctly process data.
“It is from this treatment (correct or not) that demands may arise.”
She highlights that, based on the analysis of the data, some changes will be necessary. They are:
Correction of incomplete, inaccurate or outdated personal data;
Anonymization, blocking or deletion of unnecessary, excessive personal data or data processed in non-compliance with the LGPD;
Portability of personal data to another product or service provider;
Deletion of data processed with your consent, among others that will depend on the area of activity of each company.