LGPD Interview Questions and Answers
Question 16. How can organizations ensure data security under LGPD?
Organizations should implement technical and organizational measures to protect personal data, including encryption, access controls, and regular security assessments.
Example:
Using secure encryption protocols to safeguard sensitive data during transmission.
Question 17. What is the territorial scope of LGPD?
LGPD applies to the processing of personal data carried out in Brazil or when the data relates to individuals located in Brazil.
Example:
A foreign company processing personal data of Brazilian citizens must comply with LGPD regulations.
Question 18. What is the difference between a Data Controller and a Data Processor under LGPD?
A Data Controller determines the purposes and means of personal data processing, while a Data Processor processes data on behalf of the Data Controller.
Example:
A company collecting customer data for its own marketing purposes is a Data Controller, while a cloud service managing that data is a Data Processor.
Question 19. How does LGPD address the international transfer of personal data?
International transfers require compliance with LGPD, and adequate safeguards must be in place, such as Standard Contractual Clauses or approval from the National Data Protection Authority (ANPD).
Example:
A Brazilian company using a cloud service with servers located outside Brazil must ensure the transfer is legally compliant.
Question 20. What are the steps organizations should take to obtain valid consent under LGPD?
Consent must be freely given, specific, informed, and unambiguous. Organizations should use clear language, provide opt-in mechanisms, and allow individuals to easily withdraw consent.
Example:
A website asking users to subscribe to newsletters should have a clear checkbox for users to opt in, with a link to the privacy policy.