According to the rules of the LGPD, companies that manipulate customer data must nominate compliance with the LGPD, a new professional called DPO, or Person in Charge of the Processing of Personal Data. Under the terms of the law, this professional will have the functions of receiving complaints from clients about misuse of of data, provide clarifications and adopt measures to remedy problems related to the topic, advise employees on legal forms of manipulation of third-party data, and receive communications from the National Data Protection Authority.
Basically, in compliance with the LGPD, the DPO will monitor the entire life cycle of the data that travels through the company and must make a complete mapping of its entire circulation. The professional will be involved in all of the company's projects, also acting as a decision maker in the manipulation of the data.
The first step in acting by the DPO in compliance with the LGPD is to understand the context of the company, to know the interested parties and to make employees aware. Because without involving everyone, the LGPD becomes just another bureaucratic tool within the organization. In a second step, it will carry out the risk assessment, seeking the main sources of risks related to the protection of personal data and information security within the company.
And for the DPO to act successfully in compliance with the LGPD, in the third step, it implements the action plans drawn up in the previous stages, beginning the preparation of the Privacy Policy, the Information Security Policy and the adaptation of related processes and procedures.
The DPO plays a managerial role in compliance with the LGPD, being responsible for complying with the strategy, implementing and maintaining the governance, risk management, and compliance processes inherent to and related to data protection and privacy.
The existence of this professional in compliance with the LGPD it is not mandatory, but it is recommended for all companies that deal with personal or sensitive data. Although the definition of a position is the company's decision, if sought by the Public Prosecutor's Office or other competent body, the presence and responsibility of this professional may be required.
Contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD, data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD.
