Cybersecurity and LGPD: how to be in compliance?

6 trillion dollars! This is the amount of financial loss caused by cybercrime until 2021, according to the Global Risks Report 2020, prepared by the World Economic Forum. And money is just one of the harm cyberattacks can do.

There are also other losses with these invasions: reputation, privacy, confidentiality, trust. But these are more difficult to quantify, even because the size of the impact is different for each of those affected.

But one thing is certain: people and companies are increasingly less tolerant of improper disclosure of their sensitive information. For this reason, in 2018, Europe created the GDPR (General Data Protection Regulation) and, since 2020, the LGPD (General Data Protection Law) has been in force in Brazil.

Because of this, investing in cybersecurity has become a necessity, not only to protect the data itself, but also to preserve the information of people who are in some way connected to the company, such as employees, customers and suppliers.


The General Data Protection Law (Act 13.709/18) concerns the “handling of personal data, including in digital media, by a natural or legal person under public or private law with the aim of protecting the fundamental rights of freedom”. and the private sphere and the free development of the personality of the natural person”.

In plain words, this means that companies are legally responsible for any data they collect, and if for any reason that personal data is made public without prior authorization, it means that the organization is disregarding the fundamental rights of citizens. Because of this, the company has a statutory penalty even if the person responsible for disclosing sensitive information is a third party, such as a hacker.

In the event of unauthorized data loss, the organization will be fined up to 2% of its turnover and subject to the maximum limit of 50 million reais. These administrative sanctions will take effect as of August 1, 2021. Thus, the care with the corporate network has to be doubled and the investment in cybersecurity by companies becomes inevitable.

Where to start cybersecurity?

A good first step is to understand that ongoing security management is necessary so that you can prevent cybersecurity-related incidents no matter where your company’s sensitive information is stored: on your office computer or on a cloud server.

You also need to watch out for system security loopholes as these can be exploited during cyber attacks. The management of vulnerabilities requires constant mapping – consisting of the steps of identifying errors, analyzing and classifying the degree of risk of exploiting these vulnerabilities – and measures to remedy security weaknesses that enable predictive action strategies to protect data.

Finally, make sure you can count on a Security Operations Center (SOC) made up of professionals who specialize in cybersecurity to support the company any time of the day or night. This cyber defense center acts preemptively to block threats that compromise the integrity, availability, and confidentiality of company information.

However, if you want to learn more about how cybersecurity services can help your business comply with the LGPD, reach out to an Ativer! Our team will be able to develop the best solution to protect your data and that of the people and companies associated with your company.

Leave a Comment

Your email address will not be published. Required fields are marked *