Inside the compliance with the LGPD, the Law establishes a series of requirements and criteria for companies that process personal data. One of these requirements is the preparation of the Personal Data Protection Impact Report - RIDP. This report is expected to be a document that must be prepared by the controller whenever the personal data processing process allows the generation of risks to civil liberties and fundamental rights.
That is why the importance of RIDP within compliance with the LGPD, since it is essential to keep records of data processing operations. The report must, at a minimum, contain a description of the types of data collected, the basis for the collection, and the methodology used to collect the data. With the objective of ensuring information security and the controller's analysis of the measures adopted by your company, the report must have safeguards and risk mitigation mechanisms adopted.
The RIPD should preferably be prepared in the initial phase of compliance with the LGPD, in the program or project that will include data processing. But it can and should also be designed for treatment operations that are already underway. This practice results in the importance of structuring reliable information security systems that allow automated decisions in your business.
There are other events at compliance with the LGPD, which must be considered within the need to prepare a RIPD. For example, in the case of the processing of sensitive personal data and the processing of data of children and adolescents, which require preventive action to mitigate risks and justify the need to prepare an Impact Report. More than a document, the RIPD is a process composed of several steps aimed at evaluating and managing the risks related to the privacy of the project.
Contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
