What you need to know about GDPR, Privacy and Cookies Policies.

Makenow | 11 FEB 2022

It is very likely that you are already quite used to banners that appear on websites asking if you accept the privacy policies and the use of cookies during your navigation. While you're also likely to accept all of this, do you even know what it means? Or have you just accepted cookies and privacy policies, but still don't quite understand what they represent? Have you heard of the General Data Protection Law?


With the growth in the production and use of data and the increasing exposure of people on the internet, especially on social networks, a very large space has opened up for personal data to be used by companies for different purposes, or even leaked to others. companies. It is very likely that a company has already contacted you by email or phone, and you did not even know that company or had registered for the services it offers. Given this scenario, limiting the freedom of companies in the use of personal data became necessary and, due to this latent need, a Brazilian legislation was created: the LGPD (General Data Protection Law).

What is GDPR?

The LGPD is a law (13,709/2018), enacted in August 2018, which regulates activities involving data, aiming to protect personal information and guarantee the privacy of users. Its main objective, according to the MPF (Federal Public Prosecutor's Office), is "to protect the fundamental rights of freedom and privacy and the free development of the personality of the natural person". This law was based on existing international parameters, especially European legislation, in Portuguese called the General Data Protection Regulation , or RGPD, which is valid in all countries of the European Union and the European Economic Area (EEA), being considered the most complete regulation on the issue of data security in the world. Simply put, the LGPD establishes rules related to the collection, storage, treatment, transfer and sharing of personal data, determining more protection and imposing penalties for non-compliance. In other words, it puts control over the information in the hands of the information holder. In view of this, each user must explicitly, consciously and spontaneously allow a particular company to use their personal data for specific purposes.

What are the responsibilities of companies?

Since September 2020, when the LGPD came into force, there are some responsibilities that have been imposed on companies and that, therefore, need to be fulfilled. Among them, the main ones are listed below:

  • Companies need to inform what data is being stored, in addition to explaining the reasons that lead them to capture and process this user data. It is important to note that all this must be done clearly, without using huge terms, buttons that induce automatic acceptance, or fine print.
  • The company must also inform how long it will keep that data, that is, when it will be removed from its databases.
  • It is important that the company makes available ways for the holder to access and have control of their data, being able to remove them without bureaucracy.
  • In case of leaks or any type of change in the way of using/treating the data, it is necessary for the holder to be notified immediately.
  • The company needs to have a professional responsible for controlling the practices associated with the use of the data, who will also be responsible for guiding all employees who are involved in the use of the same.

All these strict regulations were created to ensure that every user has more privacy when it comes to their personal data. Failure to comply with regulations can generate a fine of up to 2% on the company's revenue. To monitor and apply penalties for non-compliance with the LGPD, a body called ANPD, an acronym for National Authority for the Protection of Personal Data , was created . Even foreign companies had to adapt to the requirements established by Brazilian legislation. It is worth noting that this law does not apply to individuals who use data for personal, academic, artistic or journalistic purposes; however, the data must be anonymous in disclosure. Public safety or investigation cases also have specific rules.

Privacy and Cookies Policies.

Well, now that we know what the LGPD would be, we can better understand the privacy and cookies policies, after all, both are directly associated with this regulation.
A privacy policy is a formal statement or legal document that informs how a particular company or platform collects, uses, discloses and handles a customer's data. In general terms, it is through this document that the holder will be aware of all the guidelines that the company has used to guarantee the protection of their data, following the regulations that we have seen above.
Cookies , in turn, are small files generated when using a website and recorded in the memory of the browser used. The use of cookies can be useful in several scenarios, such as:

  • In storing information that may be useful in identifying the visitor
  • In customizing the page according to the visitor's preferences
  • When transporting information between pages of the same site
  • In browsing history storage
  • In storing login and password information, the user needs to authenticate himself whenever he accesses a website.

It is through cookies that we can, for example, work on some 1platforms offline, synchronizing the data as soon as we have access to the internet again. Cookies can also store the tabs we visit, the products we look for, the ones we leave in the cart, or if we fill out a form. It turns out that, sometimes, platforms also use a type of cookie called Third Party , which are third-party cookies, that is, from a source external to the domain. This means 3that third-party companies to the website owner (Facebook Ads, Google Ads, Google Analytics or Hotjar, for example) will also be storing cookies to record information about visitors. It is for this reason that, on most websites you visit, there is a Cookie Banner , a small window that serves to make explicit how cookies may be used by the website, in addition to offering the possibility for the user to partially or fully agree to the use of cookies. these cookies on your browsing.


In summary, the proposal with the implementation of the LGPD, in a simple way, is to guarantee transparency and security in the possible use of data. I hope that after reading this you are already more aware of your rights as the holder of your information and can analyze whether companies have used your data correctly and transparently, or even if your company has adapted well to the requirements regulated in this law.