A milestone for a culture of transparency centered on individuals, minimizing the impact while increasing the security applied to the processing of personal data.


Law number 13.709 (General Data Protection Law – LGPD) was enacted on August 14, 2018.

It is already possible to observe increasing and consistent changes in the market following the implementation of LGPD principles and standards within organizations.

This has resulted in raising awareness, clearer and more transparent texts in contracts and in privacy policies, increased use of information security tools and systems, certification of data protection professionals, among others.



The following are subject to the law:

  • Handling of personal data collected in Brazil and

  • Handling of data involving the offer of goods or services to people who are in Brazil, - whether free of charge or for a fee -, and regardless of the country in which the data processing takes place.


The following are exempt from the law:

  • Handling of personal data carried out for private and non-economic purposes;
  • Data that is exclusively journalistic, artistic, or academic;
  • Data exclusively related to public security, national defense, state security or the investigation and prosecution of criminal offenses, and
  • Data that has no contact with Brazil in the entire processing chain.
01 02


Handle personal data in a manner compatible with the purposes informed to the data subject.



Handle personal data for legitimate, specific, and explicit purposes about which the data subject has been informed.


Free access

Guarantee the data subject free and easy consultation to their processed personal data, as well as to the form and duration of the handling.



Do not use the data for illicit or abusive discriminatory purposes.



Handle only the necessary data - both in terms of data categories and in proportion - as little as possible to achieve the purposes.



Take all possible measures to avoid damage to (or as a result of) the handling of personal data.


Data quality 

Ensure accuracy, clarity, relevance and updating of data.


Responsability and Accountability

Demonstrate the adoption of effective measures to demonstrate compliance with data protection rules



Use technical, administrative, and organizational measures to protect personal data from unauthorized handling, whether intentional or accidental.



Provide data subjects with access to clear, accurate, and easily accessible information on the handling of their personal data while keeping commercial and industrial secrets safe.




According to legal definitions, Neoway is classified as a "Controller" of the personal data it is responsible for, as it determines what data will be collected, how it will be modeled and stored, what information security measures will be applied, how this data will be available on the Neoway Platform and for what purposes, and it also determines all other data processing specifications. The Neoway Platform handles and makes personal and anonymized data available, but it does not deal in any way or provide sensitive data.


Neoway applies all the principles established by the LGPD in its operation. For example, in terms of data quality, Neoway ensures that the data is up to date and reflects exactly how it is available from the original source. In terms of security, the ISO 27001 and ISO 27002 controls are incorporated into Neoway's operations through information security systems and tools that are in line with the latest on the market. The "Neo-SEC-way" culture is also developed through internal training.


As Big Data is Neoway's "core business", we have always paid special attention and care with the management and protection of data and, once the LGPD was enacted, we redoubled our concern regarding data processing in order to implement the controls of the law in our operation.

01 02 03

Know more

Core fundamentals

See the complete material that demonstrates the importance of the law and Neoway's efforts to keep it up-to-date in our work.

Acess Material