A local bakery in Brazil launches a loyalty program, collecting personal data such as names, birth dates, and purchase history from its adult patrons. To comply with the LGPD, what is the MOST critical step the bakery must take regarding this data?
Anonymize all patron data within 24 hours of collection to eliminate privacy risks.
Ensure the data is used exclusively for discount-related communications and not shared with any third parties.
Register the data processing activity with Brazil's National Data Protection Authority (ANPD).
Provide a clear and accessible privacy notice explaining what data is collected, the purpose of its processing, and the rights of the data subjects.
The correct answer is to provide a clear and accessible privacy notice before or at the time of data collection. Brazil's LGPD, under Article 6, is founded on the principles of transparency and purpose. Article 9 further specifies that data subjects have the right to clear, accessible information about how their data is processed, for what purpose, and what their rights are. While the other options represent valid data protection concepts, providing a privacy notice is the foundational and most critical first step for lawful data processing under the LGPD.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Brazil's LGPD?
Open an interactive chat with Bash
What kind of information must organizations disclose under LGPD?