Although in force for some time, many companies have not yet complied with the General Data Protection Law - LGPD and do not know what impact this may have on their business. A implementation of the LGPD, in addition to providing security regarding the treatment in the protection of clients' personal data, it also demonstrates the company's good faith related to the legislation, strengthening the relationship of trust with the owners of the data and third parties involved in the business.
Na implementation of the LGPD we have, for example, the functions of the DPO (Data Protection Officer), who is one of the main professionals required by the LGPD for the data management and protection system. This professional must be independent and will serve as an intermediary between the company, data owners and the authorities. It also requires the law, in implementation of the LGPD, the appropriateness of current contracts, which dictate the sharing of personal data, whether between clients, suppliers, business partners, or employment contracts.
Some key steps are recommended to start the process of implementation of the LGPD, starting with the study of the law and the appointment of the DPO. Then, it is necessary to recognize the data collection sources used by the company and map the risks of the treatment they receive, identifying possible risks of data leakage, to then prepare the Personal Data Protection Impact Report (RIPD), which is also a requirement of the LGPD implementation process.
The process of implementation of the LGPD it also consists of the creation of the Data Protection Policy, as well as the adaptation of the internal and external documents used, followed by the management of customer requests and training of the teams that handle personal data. This being a very important point: the implementation of the LGPD will only be successful if the teams that process the collected data are aligned and in full understanding of the law, its practices and its impacts.
Finally, the company needs to create a governance plan for data protection, thus defining a series of IT processes and actions aimed at complying with the LGPD. In addition, it is essential in the context of implementation of the LGPD that the company also requires this practice from its suppliers, otherwise your business may be affected.
Contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
