LGPD as a basis for adaptation to micro and small companies in the northwest of São Paulo

Abstract

The General Personal Data Protection Law (LGPD – Law No. 13,709, of August 14, 2018) was created, above all, with the intention of preserving and regulating the control of personal data. In addition, before its elaboration, there was no effective processing of personal data in the Brazilian legal system, which is facing a business scenario that has been rapidly shaping itself to technologies and therefore it is necessary for companies to review their operations involving personal data. In addition, in view of the significant growth of micro and small businesses in the Southeast region of the country and the predominance of this type of company in the northwest region of São Paulo, it is essential to analyze the most efficient way to comply with the new rules of the LGPD, through the present work. According to the law, companies must treat consumers' personal data in a careful and transparent manner, establishing policies for consumer protection, human rights, dignity and the exercise of citizenship by natural persons. Thus, the main objectives of this study are to understand what is the legal object protected by the General Data Protection Law in Brazil and its applicability by companies, in addition to setting up a base plan of adequacy that can be used both by entrepreneurs who are starting business activity, and for those who have not yet adapted. The methodology applied was the bibliographic and documentary research, seeking bibliographies, jurisprudence and theoretical analysis, involving databases consulted for the elaboration of this work, in order to find and discuss the legal object protected by the LGPD, in addition to making use of the deductive method to achieve the system of contractual clauses of the adequacy plan. From the research carried out, it was reached the result that the legal object protected by the LGPD is personal data and that they are part of the list of Fundamental Rights, entering the concept of privacy listed in article 5, item X of the Federal Constitution. In addition, according to the research found in this work, it was possible to observe that most companies are still unaware of the LGPD, although the law has been in force since September 2020, which can harm the entrepreneur if data leakage occurs. Thus, companies need to protect themselves from alleged data leaks and civil liability, and must have a contract model to ensure the security of their business, as well as the data subject. It is concluded that the law came to protect personal data, provide foundations on the correct form of protection and necessary adaptations, in addition to promoting the economic and technological development of the administration of legal entities.