BigID offers an automated solution to help companies comply with Brazil's General Data Protection Law (LGPD). It uses machine learning and identity intelligence to discover personal data across structured and unstructured data sources. This helps companies map personal data to specific individuals to meet obligations around data rights, consent management, and security incident response. BigID provides visibility into personal data, how it is related to individuals, and where it is located to help operationalize privacy processes at scale.

1. www.bigid.com • info@bigid.com • @bigidsecure
Your Customers' Privacy, Protected!
Data-driven Compliance Automation for Brazil LGPD
LGPD
Compliance
Automated
Brazil's Data Protection Law (Lei Geral de Proteção de Dados
or LGPD) establishes both a new set of obligations for
companies processing personal data or using the data to
provide services in Brazil, as well as a comprehensive set of
individual data rights that incorporate explicit consent for
specific purposes of processing. At the same time, the law
also expands the definition for what data should be
protected, including categories of sensitive data that require
stronger protection. BigID is the first product to apply identity
intelligence and smart correlation to the new privacy
protection challenges, enabling companies to prepare,
operationalize and automate their path to LGPD compliance.
ML Driven Personal Data Discovery
Under Article 5 of LGPD, personal data is defined as "any personal
information related to an identified or identifiable a natural person."
Traditional approaches to data discovery have focused only on a subset of
personally identifiable information (PII), not how specific data values are
related to an individual or context informs classification. For data controllers,
this new definition creates the challenge of finding and mapping every
individual's personal data across petabytes of varied data stores.
BigID uses innovative correlation and identity intelligence to establish how
identifiable data relates to a data subject, helping to uncover “dark data” and
infer via correlation which attributes are associated with data subjects - not
just PII. BigID automates discovery personal information inventory from
ongoing discovery and classification across enterprise infrastructure (cloud,
on-prem, structured and un-structured data sources).
Your Customers' Privacy, Protected!
Data Subject Rights
Data subject rights, including the right to access, deletion, modification, and
elimination, are central to the requirements laid out in Chapter III of LGPD to ensure
ownership of personal data. To address subject data rights like access or elimination
with accuracy and operationalize requests at scale, controllers require the ability to
maintain an index of the personal information they collect and process across all
enterprise data sources. BigID delivers the data intelligence foundation to discover
personal information across an enterprise, the index whose data it is and seamlessly
operationalize privacy management processes. BigID provides a comprehensive
consumer information report that incorporates where consumer information was
found, how it is related to a data subject, what categories of data are collected, and
can incorporate the assigned purpose for collection.

2. www.bigid.com • info@bigid.com • @bigidsecure
Your Customers' Privacy, Protected!
Consent Governance
Under LGPD, user consent is one of the foundational conditions for processing
personal data - and the onus is on the controller to demonstrate that consent was
given in accordance with the law. The law stipulates that consent must be tied to a
specific processing purpose and revoked at any time. By aggregating and correlating
consent records to specific data subjects, BigID provides the foundation to address
the purpose of consent. BigIDʼ s unique ability to associate granular data insights
with a particular individual based on consent agreement parameters enables
controllers to implement into a practical inspection and validation tool for how
personal data is collected and processed in terms of consent obligations. The BigID
consent management console delivers a consolidated view into consent collection,
status and validity, structured by data individual data subject, and per application.
BigID is redefining personal data protection and privacy in the enterprise. Organizations
are facing record breaches of personal information and proliferating global privacy
regulations, with fines reaching 4% of annual revenue.
BigID gives enterprises software to automate the security and management of structured
and unstructured PI across datacenters and cloud. Using BigID, enterprises can better
steward their most vital assets: their customer, employee and client data.
For more information, email info@bigid.com or schedule a demo at bigid.com/demo
How BigID Can Help
Your Customers' Privacy, Protected!
The LGPD emphasizes that controllers should adhere to security, technical and
administrative measures to protect personal data, and the "controller shall notify
the supervisory authority and the data subject of the occurrence of any security
incident that may result in any relevant risk or damage to the data subjects, "
according to Article 48. Controllers are required to provide specific information
about the impact of security incident to data privacy within a timeframe defined
by the supervisory authority, which can then require public disclosure. Based on
BigIDʼs mapping of personal data, security teams can better understand their
data breach risk and orchestrate security controls through APIs such as
encryption or de-identification. In the event of an incident or data breach,
Security and IT can quickly scope the impact and understand which consumer
identities and attributes have been impacted by a breach based on BigIDʼs
inventory of personal data and consumer identity by data source.
Data Breach Assessment
Data-driven Compliance Automation for Brazil LGPD