Follow on Google News
LGPD-Finality, suitability and necessity in the context of credit bureaus
Since the LGPD (General Personal Data Protection Law), the credit bureaus has developed numerous initiatives to show how it is in line with the new legislation.
Credit bureaus handle personal data, which is all data relating to an identified or identifiable natural or physical person. So, also with the aim of clarifying how the principles of the LGPD are followed in the processing of data by the sector, I published a series of articles in the media e in this LinkedIn space.
In order to understand each of these principles, it is important to clarify that, in relation to data processing, Article 7 of the LGPD provides for ten legal bases or hypotheses for processing, without there being any hierarchy. In most of their activities, credit bureaus use the legal basis of item X: credit protection, including in line with the Positive Registry law.
In this article, in which I discuss the principles of purpose, appropriateness and necessity, I conclude the analysis of how the 10 principles of the LGPD are applied by the sector.
The principle of purpose ensures that data processing is carried out for specific, legitimate, explicit and informed purposes. This means that the data subject must be provided with clear and objective information about the purpose of the processing, and that it must be carried out in accordance with the law.
The principle of suitability establishes that there will be no distortion of the purpose defined for the processing of personal data. The data will be processed in accordance with the legitimate purpose for which it was collected.
The principle of necessity concerns the limitation of processing to the minimum necessary to fulfill the purpose. Therefore, in order to prepare and maintain the credit rating, the database manager will only use information that is relevant to assessing credit risk, in accordance with the relevant legislation.
As has been shown in the articles written since the LGPD came into force, the credit protection services sector is committed to all its principles. And aware that it is essential that the National Data Protection Authority (ANPD) is in place because the LGPD has numerous provisions that need regulation or guidance from the competent Authority.
For the sector, without the strategic and educational guidance of this Authority, the multiple interpretations of other public spheres will tend to cause legal uncertainty and many lawsuits, which could be avoided in most cases by prior instructions and guidance from the Authority. Also in the industry's view, the implementation and standardization of the LGPD in the country should take place under the coordination of the ANPD and as a result of an extensive process of public consultations and regulatory and economic impact analyses, avoiding monocratic and one-off decisions.
Thanks for reading! Access other content at ANBC website.
By: Elias Sfeir President of ANBC & Member of the Climate Council of the City of São Paulo & Certified Advisor
