Synergye – General Data Protection Law

In 2018 the General Regulation on Data Protection in the European Union came into force to regulate the European law on privacy and protection of personal data, applicable to all individuals in the European Union, as well as to all companies operating in the Space European Economic, regardless of your country of origin.

Following this regulation initiated in the European Union, other countries started to take inspiration from European legislation to create their own regulations.

In July 2018, the so-called General Data Protection Law (Law No. 13.709/2018) was approved by the Brazilian National Congress, with a text inspired by European legislation. The law, which should enter into force in August 2020, was postponed by the National Congress to January 1, 2021, due to the Coronavirus pandemic.

The General Data Protection Law was enacted to protect the Brazilian user of the world wide web. Its stated purpose was to influence and regulate the way companies collect, store and use their consumers’ personal data. In this sense, the law aims to regulate and recognize various user rights, imposing severe fines on those who contravene its provisions.

The General Data Protection Law has a direct impact on SYNERGYE’s performance, since the collection and various forms of data processing are essential activities for the electronic monitoring service. Proper management of the information obtained, including the geolocation of the people monitored, is a prerequisite for the proper functioning of services, as well as for the formulation, implementation and monitoring processes.

According to a report prepared by the National Penitentiary Department [1], in line with the guidelines of the National Council of Justice, “the issue is even more relevant when we deal with procedures related to criminal prosecution, as the mere information that a certain person is liable for or has been convicted of a certain crime exposes it to social reactions that affect their family, community and social ties, impairing, for example, their access to and permanence in the labor market. Therefore, by its nature, we are talking about sensitive personal data, which require special protection by the government, at the risk of exposing people monitored electronically to permanent markers of stigmatization and exclusion”.


In this context, aiming to adapt to this new global trend and the norms of the General Data Protection Law, with special attention to the guidelines of the National Penitentiary Department regarding the treatment and protection of data in the electronic monitoring of people, SYNERGYE created a Data Security Committee in charge of introducing the actions to implement new systems and protocols to protect the data collected by it.

Among the various measures being implemented by this Committee, the following stand out:

  • Obtaining consent from the monitored person to process their data by digital means;
  • Delivery of data to the Public Administration after the end of the contract and deletion of data;
  • Pseudonymization or Anonymization of data;
  • Technical and administrative security measures for data protection, from the product design phase to its execution, with the inclusion of DevSecOps methodology in the development pipeline;
  • Protection against unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination;
  • Prevention of damage occurrence;
  • Incident response plan and its remediation;
  • Implementation of a privacy governance program;
  • Continuous backups to ensure the safety of user data preservation.

In addition to these measures, SYNERGYE is also adapting its data processing protocols for its employees, collaborators and service providers, making the treatment compatible with the purposes informed to the holder, according to the context of the treatment.

With the adoption of all these measures, SYNERGYE takes the lead once again in the adoption of best practices in the treatment and protection of personal data and in guaranteeing the fundamental rights of the people being monitored, demonstrating that it is committed to protecting and safeguarding the rights of the data subjects. of data.

SYNERGYE’s compliance with data protection regulations keeps it able to participate in new international public tenders and, therefore, continue its international expansion plan.

How Synergye acts in the General Data Protection Law –