MATCHING THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA - THE GREAT EXAMPLE GIVEN BY THE UNITED KINGDOM'S DATA PROTECTION AUTHORITY (ICO)

September 27, 2021

One of the biggest challenges for a company's adequacy projects to personal data protection's legislation is matching the processing of certain personal data in any legal basis available in the law; depending on the country and, consequently, on its local law, there is not even the possibility of choosing a legal basis for matching, as occurs, for example, in the USA. However, this difficulty affects both Brazil and most European countries.

As the Brazilian Data Protection Act (LGPD) has been in force for only 1 year and its penalties have come into effect just over 30 days ago, the greatest examples of this difficulty in matching turn out to come from the old world. It is impressive the amount of penalties that are imposed by national data protection authorities, in the respective European countries, to companies that, according to such authorities, inadequately match the processing of such personal data and, therefore, are penalized for violating the law.

Thus, the National Data Protection Authority in the United Kingdom (Information Commissioner's Office - ICO) created an interactive online tool to help those seeking guidance in matching the processing of personal data in some of the legal bases provided for in the GDPR, European data protection act, to which the United Kingdom was a signatory before its separation from the European Union.

In order to use this service free of charge, the user must access the website https://ico.org.uk/for-organisations/gdpr-resources/lawful-basis-interactive-guidance-tool/.

Upon entering, the user already finds a preset questionnaire with the following questions, as set below:

PAGE QUESTION ANSWERS 
Page 1 - Agreement Do you have or intend to enter into an agreement with the individual? a) Yes, b) No, c) I do not know 
Page 2 - Legal Obligation Are you processing this personal data to comply with any law? a) Yes, b) No, c) I do not know, d) Somehow 
Page 3 - Vital Interests Are you processing this personal data to save or protect someone's life? a) Yes, b) No, c) I do not know, d) Somehow 
Page 4 - Public Activity Are you processing this personal data to carry out your public activity or function or other specific activities of public interest? a) Yes, b) No, c) I do not know, d) Somehow 
Page 5 - Consent Do you want to give individuals the power to decide whether or not you can process their data? a) Yes, b) No, c) I do not know, d) Somehow 
Page 6 - Legitimate Interest Are you satisfied with taking full responsibility for processing personal data? a) Yes, b) No, c) I do not know, d) Somehow 

After submitting the results, according to the answer, a justification is presented for which legal basis or bases the user should carry out the matching of the processing of personal data; if the user has answered that he does not know or somehow, the authority instructs him to identify what would be needed to validate your choice of framing.

In this way, ICO makes the user navigate through the 6 legal bases provided for in the GDPR for matching the processing of personal data. It is a simple but very useful initiative, considering that, just as there are large corporations with many resources to seek adequate advice that can show the way, there are many companies that do not have adequate resources and have great difficulty in trying to understand and apply the law. ICO really deserves congratulations for the initiative.

Something similar could be done in Brazil, keeping the proportions as to the differences foreseen between the legislations, since here we have 10 legal bases for matching the processing of common personal data, 8 legal bases for matching the processing of sensitive personal data and also a differentiated matching for the processing of personal data of children and adolescents -- in this case, there is still controversy regarding the understanding over the applicability if only for children or if also for adolescents, since the lawmaker was unfortunate in its corresponding wording.

No items found.

RECENT POSTS

ANVISA Aprova a Regulamentação de Biossimilares

June 18, 2024

Conselho Europeu Aprova Lei sobre a Inteligência Artificial

May 29, 2024

ANPD Aprova Regulamento de Comunicação de Incidente de Segurança

May 8, 2024

ANVISA Approves the Regulation of Biosimilars

June 18, 2024

European Council Approves Legislation on Artificial Intelligence

May 29, 2024

ANPD Approves Regulation on Security Incident Reporting

May 8, 2024

New Rules on Monetary Correction and Interest Rates

July 18, 2024

The Importance and Use of the Limitation of Liability Clause

April 19, 2024

The Unpredictability and the Excessive Burden Theories

April 1, 2024

LINKEDIN FEED

Newsletter

Register your email and receive our updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Newsletter

Register your email and receive our updates-

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

MATCHING THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA - THE GREAT EXAMPLE GIVEN BY THE UNITED KINGDOM'S DATA PROTECTION AUTHORITY (ICO)

September 27, 2021
No items found.

One of the biggest challenges for a company's adequacy projects to personal data protection's legislation is matching the processing of certain personal data in any legal basis available in the law; depending on the country and, consequently, on its local law, there is not even the possibility of choosing a legal basis for matching, as occurs, for example, in the USA. However, this difficulty affects both Brazil and most European countries.

As the Brazilian Data Protection Act (LGPD) has been in force for only 1 year and its penalties have come into effect just over 30 days ago, the greatest examples of this difficulty in matching turn out to come from the old world. It is impressive the amount of penalties that are imposed by national data protection authorities, in the respective European countries, to companies that, according to such authorities, inadequately match the processing of such personal data and, therefore, are penalized for violating the law.

Thus, the National Data Protection Authority in the United Kingdom (Information Commissioner's Office - ICO) created an interactive online tool to help those seeking guidance in matching the processing of personal data in some of the legal bases provided for in the GDPR, European data protection act, to which the United Kingdom was a signatory before its separation from the European Union.

In order to use this service free of charge, the user must access the website https://ico.org.uk/for-organisations/gdpr-resources/lawful-basis-interactive-guidance-tool/.

Upon entering, the user already finds a preset questionnaire with the following questions, as set below:

PAGE QUESTION ANSWERS 
Page 1 - Agreement Do you have or intend to enter into an agreement with the individual? a) Yes, b) No, c) I do not know 
Page 2 - Legal Obligation Are you processing this personal data to comply with any law? a) Yes, b) No, c) I do not know, d) Somehow 
Page 3 - Vital Interests Are you processing this personal data to save or protect someone's life? a) Yes, b) No, c) I do not know, d) Somehow 
Page 4 - Public Activity Are you processing this personal data to carry out your public activity or function or other specific activities of public interest? a) Yes, b) No, c) I do not know, d) Somehow 
Page 5 - Consent Do you want to give individuals the power to decide whether or not you can process their data? a) Yes, b) No, c) I do not know, d) Somehow 
Page 6 - Legitimate Interest Are you satisfied with taking full responsibility for processing personal data? a) Yes, b) No, c) I do not know, d) Somehow 

After submitting the results, according to the answer, a justification is presented for which legal basis or bases the user should carry out the matching of the processing of personal data; if the user has answered that he does not know or somehow, the authority instructs him to identify what would be needed to validate your choice of framing.

In this way, ICO makes the user navigate through the 6 legal bases provided for in the GDPR for matching the processing of personal data. It is a simple but very useful initiative, considering that, just as there are large corporations with many resources to seek adequate advice that can show the way, there are many companies that do not have adequate resources and have great difficulty in trying to understand and apply the law. ICO really deserves congratulations for the initiative.

Something similar could be done in Brazil, keeping the proportions as to the differences foreseen between the legislations, since here we have 10 legal bases for matching the processing of common personal data, 8 legal bases for matching the processing of sensitive personal data and also a differentiated matching for the processing of personal data of children and adolescents -- in this case, there is still controversy regarding the understanding over the applicability if only for children or if also for adolescents, since the lawmaker was unfortunate in its corresponding wording.

Related
No items found.

ABOUT US

Licks’ Blog provides regular and insightful updates on Brazil’s political and economic landscape. The posts are authored by our Government Affairs & International Relations group, which is composed of experienced professionals from different backgrounds with multiple policy perspectives.

Licks Attorneys is a top tier Brazilian law firm, speciallized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

ABOUT US

Licks Attorneys Compliance’s Blog provides regular and insightful updates about Ethic and Compliance. The posts are authored by Alexandre Dalmasso, our partner. Licks Attorneys is a top tier Brazilian law firm, specialized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

QUEM SOMOS

O blog Licks Attorneys Compliance fornece atualizações regulares e esclarecedoras sobre Ética e Compliance. As postagens são de autoria de Alexandre Dalmasso, sócio do escritório. O Licks Attorneys é um escritório de advocacia brasileiro renomado, especializado em Propriedade Intelectual e reconhecido por seu sucesso em lidar com grandes e estratégicos cases no país.

Follow Us on Social Media

Offices

Rio de Janeiro

Av. Oscar Niemeyer, 2000
9th floor, Aqwa Corporate
Rio de Janeiro RJ - Brazil
20220-297
Phone: +55 21 3550 3700
Fax: +55 21 3956 9444
info@lickslegal.com

Sao Paulo

Rua George Ohm, 230
Tower A CJ 112/113
Sao Paulo SP - Brazil
04576-020
Phone: +55 11 3033 3700
info@lickslegal.com

Brasilia

SH/Sul Zone 06, Unit A,
Complexo Brasil 21, Block E,
Rooms 515 and 516 – Asa Sul
Brasilia DF - Brazil
70316-902
Phone: + 55 61 3772 3700
info@lickslegal.com

Curitiba

Rua da Glória, 251, #601
Centro Cívico
Curitiba - Brazil
80030-060
Phone: + 55 41 2391 0680
info@lickslegal.com

Tokyo

Chiyoda Kaikan Bldg, 6F, 1-6-17
Kudan Minami Chiyoda-Ku
Tokyo - Japan
102-0074
Phone:+81 3 6256 8972
Fax:+81 (03) 6740 1453
japan@lickslegal.com

© Copyright 2024 Licks Attorneys

Selo COVID-19 FIRJAN e Albert Einstein
Covid-19 Safe Certified Office