Data-driven Compliance Automation for Brazil LGPD
Lei Geral de Proteção de Dados (LGPD)
Brazil’s Data Protection Law (Lei Geral de Proteção de Dados or LGPD) establishes a set of obligations for companies processing personal data or using the data to provide services in Brazil, as well as a comprehensive set of individual data rights that incorporate explicit consent for specific purposes of processing.
LGPD also expands the definition for what data should be protected, including categories of sensitive data that require stronger protection. BigID is the first product to apply identity intelligence and smart correlation to these new privacy protection challenges – enabling companies to prepare, operationalize and automate their path to LGPD compliance.
Personal Data Discovery
BigID uses innovative correlation and identity intelligence to discover and classify personal data of all types, helping to uncover “dark data”, build identity profiles, and find personal data in accordance with article 5 of LGPD.
Build a PI/PII inventory for identity subjects that satisfy LGPD right to access, right to delete, and data processing – delivering an accurate and scalable method focused on personal and sensitive data in order to satisfy LGPD requirements at scale.
Automate Data Subject Rights
BigID automates the process of data rights requests and privacy preferences from start to finish, enabling organizations to easily respond to and manage their customers’ personal data privacy rights.
Evaluate, validate, and report on consent per data subject. The BigID consent management console delivers a consolidated view into consent collection, status and validity, structured by data individual data subject, and per application.
Data Breach Assessment
BigID enables organizations to better understand their data breach risk and orchestrate security controls – and can help organizations accurately determine impacted users following a data breach, while simplifying incident response.
Data Processing and Reporting
BigID can document and represent system-level data processing activities , as well as personal data inventory, serving as a functional baseline for the legal basis for processing and purpose for processing.