Lei Geral de Proteção de Dados Pessoais (LGPD)

Brazil’s General Data Protection Law, the Lei Geral de Proteção de Dados Pessoais (LGPD), is effective as of September 18th, 2020. The LGPD creates significant new privacy rights for Brazilian consumers as well as new obligations for companies that process their personal information. LexisNexis® Risk Solutions Group designs its services to meet customer needs while upholding security and data privacy. We see the LGPD as a continuation of our current commitment to data protection globally.

 

LGPD FAQs


General FAQs

The Lei Geral de Proteção de Dados Pessoais – LGPD (Law 13.709, from 2018), is effective as of September 18th, 2020. The LGPD aims to protect fundamental rights related to the informational sphere of Brazilian citizens. As such, the Law introduces a series of new rights that ensure greater transparency regarding the processing of data and provides individuals with more control over their personal information. The LGPD brings the opportunity to improve data governance policies, with the adoption of best practices and the incorporation of technical and administrative measures that mitigate risks and increase data subjects' confidence in the organization. For further information see: https://www.gov.br/anpd/pt-br/acesso-a-informacao/perguntas-frequentes-2013-anpd.
LexisNexis® Risk Solutions Group has developed an LGPD compliance program covering our personal data assets and holdings to ensure continued best data practices and to address the requirements and spirit of LGPD.

LexisNexis® Risk Solutions Group provides our business customers with tools that allow them to analyze and predict risk in several different business sectors. For example, some of our products help insurers price motor insurance policies, while others assist financial institutions and other businesses in complying with anti-money laundering regulations, identity management, fraud prevention and investigation, and tracing for debt collection and asset reunification purposes. Many of these tools rely on personal data that we obtain from public sources and other non-publicly available sources. Our Processing Notices give more information about this. They also explain the sources from which we obtain personal data as well as the rights individuals must access their personal data, correct inaccurate data and to object to our use of personal data for these purposes. For more information about our privacy practices, business lines, and how we process personal information, please consult our Privacy Policy and our Processing Notices listed below.

Privacy Policy

Processing Notices
Insurance Services
Business Services
ThreatMetrix
Emailage
Accuity
EG
Cirium
We will continue to monitor regulatory developments and keep you informed of any changes to our product and service offerings, including changes that may be made to ensure LGPD compliance.
We are committed to complying with the requirements for international transfer of personal data under the LGPD. We will adapt our adequacy arrangements as required by the Law and any future changes expected from the Autoridade Nacional de Proteção de Dados (ANPD). The ANDP is responsible for, among other things, ensuring the protection of personal data, supervising and applying sanctions if the processing of data is carried out in violation of the Data Protection Law, and requesting information at any time from the controllers and processors of personal data who carry out personal data processing operations.

 

Consumer FAQs

The Lei Geral de Proteção de Dados Pessoais (LGPD) came into effect on September 18th, 2020 and was designed to:

  • Protect fundamental rights related to the informational sphere of Brazilian citizens.
  • Introduce a series of new rights that ensure greater transparency regarding the processing of data and provides individuals with more control over their personal information.
  • To place Brazil on the same level as many other countries that have already passed data protection laws and institutional structures of this nature.
  • To improve data governance policies, with the adoption of best practices and the incorporation of technical and administrative measures that mitigate risks and increase data subjects' confidence in the organization.

The LGPD provides for a wide range of rights for data subjects, among which the following can be highlighted:

  • Easier access to information about the processing of your data, which must be made available in a clear, appropriate, and conspicuous way.
  • Confirmation of the existence of processing.
  • Access to data.
  • Correction of incomplete, inaccurate, or out-of-date data.
  • Anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD.
  • Portability of data to another service or product provider, through express request, in accordance with the regulations of the national authority, and subject to commercial and industrial secrets.
  • Deletion of personal data processed with the consent of the data subject, except in the situations provided in art. 16 of the LGPD.
  • Information about public and private entities with which the controller has shared data.
  • Information about the possibility of denying consent and the consequences of such denial.
  • Revocation of consent, upon express manifestation of the data subject, by free and facilitated means.
  • Petition, regarding your data, against the controller before the ANPD and before consumer protection bodies.
  • Oppose the processing carried out based on one of the situations of waiver of consent if there is noncompliance with the provisions of LGPD.
  • Request for the review of decisions made solely based on automated processing of personal data affecting your interests, including decisions intended to define your personal, professional, consumer and credit profile, or aspects of your personality.
  • Whenever requested to do so, the controller shall provide clear and adequate information regarding the criteria and procedures used for an automated decision, subject to commercial and industrial secrecy.
  • Obtain, upon request, clear and adequate information regarding the criteria and procedures used for an automated decision, subject to commercial and industrial secrecy.
In accordance with our Privacy Policy, if you wish to exercise any of your privacy rights, please contact us. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.

If you have any questions, comments, complaints, or requests regarding our processing of your information, please contact:

Data Protection Officer
LexisNexis Risk Solutions Group
Global Reach
Dunleavy Drive
Cardiff CF11 0SN
UK
DPO@lexisnexisrisk.com

 

Customer FAQs

We will continue to monitor regulatory developments and keep you informed of any changes to our product and service offerings, including changes that may be made to ensure LGPD compliance.
LexisNexis Risk Solutions Group will work with you to ensure that our relationship and activities together continue to address Data Protection Laws including LGPD and protect your best interests.
As part of our LGPD efforts, our LGPD compliance team will review contracts and identify any required changes as regulators issue additional guidance.
Our contracts have robust data protection, privacy, and data security provisions. We may need to update some contracts after regulators provide additional guidance and as case law starts to evolve.
For additional information on the LGPD, refer to the following website maintained by the Autoridade Nacional de Proteção de Dados (ANPD): https://www.gov.br/anpd/pt-br/.