The LGPD has been impacting the way companies handle personal data in their databases, regardless of their size. Many small and medium-sized businesses are uncertain about the implications of the law and what exactly they must do to comply. To help these small businesses, the GDPR consultancy has been acting assertively and efficiently.


A GDPR consultancy recommends, for example, some basic measures that every company, regardless of its size, must adopt, such as: ensuring that data is stored securely, informing the data subject of the purpose of use, restricting access to data only to employees who actually use them in their function, create documents to reinforce compliance with the law, establish a channel for communication with data subjects and always answer their questions and/or requests.


A small company is not required to nominate a DPO to comply with the LGPD. A resolution of ANPD - National Data Protection Authority, of January 27, 2022, released startups and small businesses from the obligation to nominate someone for the position of Data Protection Officer (DPO), but makes it clear that the company that the company that does not appoint a DPO must provide a communication channel with the data subject. In such cases, the help of GDPR consultancy is even more important.


The same resolution cited by the ANPD, relaxed some rules for small companies and startups, such as: possibility for processing agents to adopt a simplified information security policy, provision by the ANPD itself of a simplified format for reporting security incidents, double deadline to meet requests from data subjects, report security incidents and present information and documents requested by the agency. THE GDPR consultancy is always up to date with changes and updates in legislation and can help with these details.


With regard to the communication channel, for example, the law provides that the DPO must mediate. As the existence of this position is not mandatory for small companies, the GDPR consultancy can help by advising on what the company should do to deal with requests from data subjects. It is recommended that the company has a process for evaluating the request and responding within the deadlines provided for by law.


The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet made the GDPR implementation eContact TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on Brazilian General Data Protection Law (LGPD) and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving Brazilian General Data Protection Law (LGPD) , data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the Brazilian General Data Protection Law (LGPD) .