The LGPD has impacted the way in which companies handle the personal data in their databases, regardless of their size. Many small and medium-sized businesses have questions regarding the implications of the law and what exactly they must do to comply. To help these small businesses, consulting on LGPD has been acting assertively and efficiently.
A consulting on LGPD recommends, for example, some basic measures that every company, regardless of its size, must adopt, such as: ensuring that data is stored securely, informing the data subject of the purpose of use, restricting access to data only to employees who actually use them in their role, creating documents to reinforce compliance with the law, establishing a channel for communication with data subjects and always answering their questions and/or requests.
A small company is not required to appoint a DPO to comply with the LGPD. A resolution of the ANPD - National Data Protection Authority, dated January 27, 2022, released startups and small businesses are required to appoint someone for the position of DPO (Data Protection Officer), but it makes it clear that the company that does not appoint a DPO must provide a communication channel with the data subject. In such cases, the help of consulting on LGPD it's even more important.
The same resolution cited by the ANPD relaxed some rules for small businesses and startups , such as: the possibility for treatment agents to adopt a simplified information security policy, provision by the ANPD itself of a simplified format for reporting security incidents, a double deadline for complying with requests from data subjects, reporting security incidents, and presenting information and documents requested by the agency. A consulting on LGPD is always up to date with changes and updates to the legislation and can help with these details.
Regarding the communication channel, for example, it provides for the law that must be brokered by the DPO. Since the existence of this position is not mandatory for small businesses, consulting on LGPD can help by advising on what the company should do to deal with the requests of the data subjects. It is recommended that the company has a process to evaluate the request and to respond within the time limits established by law.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet done the implementation of the LGPD contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for LGPD consultancy and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD , data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD .