WHAT IT IS
In August 2020, the "Lei Geral de Proteção de Dados" (Law 13.709/2018) comes into force. It regulates the collection, use and processing of personal data in Brazil. The law will impact companies of all sizes and segments, as well as public agencies. LGPD was inspired by the equivalent European legislation, GDPR, which has been moving not only the companies of the old continent, but also foreign companies that have trade relations with Europe.
With the advent of the new law, citizens become holders of the rights to their personal data, from the most basic, such as name and telephone number, to the most sensitive, such as religion or health history. No organization may use this information without the express consent of the owner, which will determine the purposes and the period within which it may be used.
LGPD in Brazil will have the same effect as GDPR in Europe and therefore presents itself as an opportunity for organizations to re-evaluate the way they organize, process and manage personal information of their customers and employees. And also to improve its data governance, which now plays an extremely important role. Failure to comply with legal requirements may result in large sanction and penalties.
WHAT NEEDS TO BE DONE
Adjustments to LGPD compliance can be quite complex and thus impose the need for legal advice and specific technological tools that support both data management and user service, including privacy by design, information security, portability, anonymization, quality and data governance, among other actions.
Adapting to LGPD is a major business challenge as it involves many areas and requires its own technical knowledge and tooling. Considering the volume and variety of data currently circulating within companies, it is necessary to create an efficient methodology, such as a “production mat”, which will guarantee deliveries in stages, generating flow and aiming for continuous and regulated work. with internal teams.
The Act also requires that a Data Protection Officer (DPO) be appointed within each company, who will be the point of contact with the data regulator and data owners. The DPO can be outsourced.
HOW RK CAN HELP
Given all this complexity, Rodrigues Koller Legal Solutions Innovation Center stands out, implementing a Compliance Model for LGPD, so that companies can effectively be safe and in compliance with the Law.
With a view to facilitating the organization of companies with regard to data governance and minimizing their tasks, we have developed a Personal Data Protection Program, which is implemented in 6 steps, starting with the diagnosis of the current situation, defining the data points to be worked on, process mapping, creation and implementation of the action plan, ending with the supervision of the results, which feeds the whole process.
This Program is implemented by a multidisciplinary team of lawyers, administrators, accountants and IT technicians, making it a complete solution to meet LGPD requirements.
To learn more, click here to contact us or access Chat in the corner of the screen.