Did you know that even MEIs, micro and small business owners must follow the General Data Protection Law?
- Miscellaneous
- Equipe Editorial
In Brazil, it is common for supermarkets, stores, pharmacies, and other establishments to request CPF, telephone number, and other information for customer registration — often as a condition for offering discounts.
BUT BE CAREFUL: simply requesting and storing this data creates legal obligations for the business, in accordance with the GENERAL DATA PROTECTION LAW (LGPD).
And do you know what information is considered personal data?
- Name;
- CPF;
- Telephone;
- E-mail;
- Address;
- Date of birth;
- Financial and banking information;
- Personal documents;
- Images.
In practice, a lot of data ends up being exposed within companies, with no control over who accesses it or how it is used, which can lead to its misuse, not necessarily due to bad faith, but due to a pure lack of awareness of how to deal with this type of information.
Few establishments realize that a simple leak or fraud can have serious consequences: heavy fines, legal sanctions, and, worst of all, the loss of customer trust—something that is often impossible to recover.
- Data leaks;
- Misuse of information;
- Complaints, reports to the ANPD (National Data Protection Authority) and legal proceedings.
In other words, if a breach occurs, the company could be held liable, face fines, and lose customer trust—one of the most valuable assets for any business.
What does the LGPD determine?
The LGPD (Lei Geral da Proteção de Dados) – Brazil’s General Data Protection Law, requires that every company, regardless of size, protect the personal data it collects, stores, or shares.
If there is a leak, misuse or lack of protection, the company may be penalized.
The penalties provided for in the LGPD?
- Fines of up to 2% of the company’s annual revenue, limited to R$50 million per violation;
- Suspension or blocking of activities involving personal data;
- Obligation to delete data collected irregularly;
- Serious damage to the company’s image and reputation, with the consequent loss of customer trust.
⚠️ IMPORTANT:
How to protect your company?
- Establish secure data collection and use practices;
- Avoid fines and lawsuits;
- Protect your business reputation;
Reference Sources: Information based on Law No. 13,709/2018 (LGPD), Art. 52 of the legislation and the guidelines of the National Data Protection Authority (ANPD), including Resolution CD/ANPD No. 2/2022.
Related content
Test Maturity Assessment Model: See Where Your Company Stands
3 technical pillars to support digital transformation with quality
