Guidelines for Handling Data Corrections and Updates Under Lgpd

by

The Lei Geral de Proteção de Dados (LGPD) is Brazil’s comprehensive data protection law, enacted in 2018. It establishes rules for how organizations must handle personal data, emphasizing transparency, security, and individual rights. One critical aspect of LGPD compliance is managing data corrections and updates effectively.

Understanding Data Corrections and Updates

Data corrections refer to the process of rectifying inaccuracies or outdated information in a data subject’s records. Updates involve modifying data to reflect new or changed information. Under LGPD, organizations must ensure that data is accurate and up-to-date, respecting the rights of data subjects to access and correct their data.

Key Principles for Handling Data Corrections

  • Transparency: Inform data subjects about their rights and how they can request corrections or updates.
  • Accuracy: Keep data current and correct errors promptly.
  • Security: Protect data during correction processes to prevent unauthorized access or leaks.
  • Accountability: Maintain records of correction requests and actions taken.

Procedures for Managing Data Corrections

Organizations should establish clear procedures for handling correction requests. These include verifying the identity of the requester, assessing the validity of the correction, and updating the data securely. It is essential to respond within the timeframe specified by LGPD, typically within 15 days.

Steps to Follow

  • Receive and log the correction request.
  • Verify the identity of the data subject to prevent fraudulent requests.
  • Assess the validity of the correction based on available data.
  • Update the data securely in the system.
  • Notify the data subject once the correction is completed.
  • Document all actions for accountability and audit purposes.

Best Practices for Compliance

  • Implement user-friendly channels for correction requests, such as online forms or customer service portals.
  • Train staff on LGPD requirements and internal procedures for data corrections.
  • Maintain detailed logs of all requests and actions taken.
  • Regularly review and update data management policies to ensure ongoing compliance.
  • Use secure systems to prevent unauthorized data modifications.

By following these guidelines, organizations can ensure they handle data corrections and updates in compliance with LGPD, respecting data subjects’ rights and maintaining trust.