9 rights guaranteed in the LGPD to data subjects
LGPD (Brazilian General Data Protection Law) was created to regulate the use of personal and sensitive data by companies and public organizations. One of the essential points of the law is precisely about what rights data subjects have.
In other words, we can say that LGPD empowers the user or customer. In practice, you, as the data subject, can better control its use.
Knowing and demanding your rights as a data subject will be fundamental for the LGPD to be fulfilled.
We all know that the use of personal data has become an indispensable growth tool for companies. This is how, for example, they personalize offers and services, better define their target audiences, and even select candidates for job openings.
The point is that the use of personal data has almost always been done in a unilateral and often abusive manner, without explicit and precise consent. And it’s precisely at this point that the LGPD acts on.
Table of Contents
Check out rights guaranteed by LGPD
The excerpt of the law dealing with the “Rights of the Data Subject” is Chapter III, more precisely Art. 18. We will now see in detail what rights data subjects have.
1. Confirmation that data processing exists
The data subject has the right to know if and how the company treats his information. For example, where the data is stored, in what way, and for what purpose.
2. Access to data
The data subject has the right to access the data held by the company. That way, he can know precisely what types of data are in the company’s possession.
3. Correction of incomplete, inaccurate, or outdated data
The data subject has the right to demand changes and updates in incomplete, inaccurate, or outdated data.
4. Anonymizing, blocking, or deleting data
According to the LGPD, the data subject has the right to request that unnecessary or non-compliant information be temporarily suspended, anonymized, or even deleted.
5. Data portability
The data subject has the right to request that his data be transferred to another service or product provider, respecting the rules imposed by the national authority, called ANPD (National Data Protection Authority), which is the entity responsible for applying the law.
6. Exclusion of personal data
According to the LGPD, the data subject has the right to require that his information be deleted and no longer used, except in some specific cases. For example, when the company needs to keep the data to comply with another law or regulation.
7. Information about data sharing with other companies
The data subject has the right to know with which other companies and organizations, whether public or private, his information has been shared.
8. Information about the possibility of not providing data
The data subject has a guaranteed right in the LGPD to request information from the company when he doesn’t wish to provide his data, and what are the consequences behind it.
9. Withdrawal of consent
The law says that the data subject can revoke consent concerning the processing of his data at any time.
As we can see, there are numerous rights foreseen in the LGPD that protect the data subject. But it’s essential to be clear that there may be exceptions. After all, no law protects just one side. They are created to generate balance, at least in theory.
There are cases where your data may be processed and maintained without your permission. The law also points out that the company may not provide access to the data, for example, when it directly involves trade and industrial secrets.
Here, at Gatefy, we have email security solutions that help companies comply with LGPD and other regulations, protecting data. If you want to know more, get in touch.