There are still many doubts in the market about how to develop a process of compliance with the LGPD. The main question is whether all companies need to carry out the adjustment and the answer is: if The company processes personal data of owners located in the national territory, directly or through third parties, for economic purposes, are required to comply with the Law.
In view of this, companies need to register all data processing operations with compliance with the LGPD, providing ways to adopt measures aimed at information security, in addition to greater ones so that the owners are able to demand their rights. To simplify, we explain the three basic pillars for compliance with the LGPD: people, processes, and technology.
With regard to Individuals, it is important to note that the law regulates that, in compliance with the LGPD, companies must appoint a DPO - Data Protection Officer. This position may be occupied by an internal collaborator or outsourced companies, provided that they have legal and technical knowledge in data protection. The purpose of the DPO is to monitor the effectiveness of privacy procedures, to train and train the internal team, and to be the communication channel between the ANPD, the company and the data subjects. In this pillar of people, we also have the data subjects.
Another basic pillar in compliance with the LGPD They are the Processes, where data flows are mapped and the life cycle of data in the company is understood, and this information is the basis for the analysis of the appropriateness and compliance of operational practices with the data privacy policy and with the LGPD. In this pillar, the Data Governance Framework plays a significant role in the processes of compliance with the LGPD.
The last basic pillar in compliance with the LGPDand not least, is Technology. It is the one who guarantees the management of risks related to Information Security. Thus, periodic vulnerability analyses are carried out, following preventive data protection measures. The Law requires that an Information Security Management System - SGSI be maintained, based on technological and legal requirements and the risks to which the organization is subject.
In addition to the basic pillars for compliance with the LGPD, it is recommended for companies that are starting the process to prepare an Action Plan for implementation and compliance with the LGPD. It is important to bear in mind that there is a need for the collaboration of various sectors of the company and thus, multidisciplinarity It becomes essential to understand the pillars that permeate the processes for compliance with the LGPD.
Contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
