iResearch and Brazil’s LGPD

What Is the LGPD?

The Brazilian General Personal Data Protection Law 13709/2018 (LGPD), which came into force in August 2020, is designed to strengthen personal data protection and establish a structured framework for collecting, processing, using, and sharing (known as “processing operations”) personal data. The LGPD has extraterritorial application and affects both organizations established in Brazil and organizations located outside of Brazil that offer goods or services to individuals located in Brazil.

Like the EU GDPR, the LGPD defines and distinguishes between two types of roles and responsibilities regarding the processing of personal data: “data controller” and “data processor.”

A data controller is in charge of making decisions regarding the processing of personal data, while a data processor processes personal data in the name of the data controller. iResearch Services is the data processor where it processes personal data solely on behalf of its customers and is the controller where it processes personal data for its own purposes.

How Does iResearch Services Comply With the LGPD?

iResearch Services is committed to complying with LGPD requirements where it applies to our data processing activities by:

  • Adopting security, technical, and administrative measures aimed at protecting personal data from unauthorized access or any improper or unlawful processing.
  • Having a dedicated privacy team for monitoring and ensuring that the personal data processed by iResearch Services is protected and that we remain compliant with applicable data protection and privacy regulations.
  • Being transparent and fair in our data processing activities. iResearch Services’ privacy policy thoroughly details how we, in our capacity as a data controller, process personal data and for which purposes. Our Data Processing Addendum sets the terms pursuant to which we process personal data on behalf of our customers.
  • Ensuring that personal data remains protected to the levels required under the LGPD.
  • Having procedures for handling data subject requests, suspected incidents concerning personal data, and regularly conducting privacy training for all relevant staff members.

If you have any further questions concerning iResearch Services’ privacy program and our ongoing efforts surrounding the LGPD, please feel free to contact our Data Protection Officer & Privacy Team at [email protected].