The General Data Protection Law – Brazilian General Data Protection Law (LGPD) , which has been in force since September 2020, brings rights to holders of personal data and duties to data processing agents, whether controllers or operators. And contrary to the understanding of many leaders, complying with the Law is much more than just changing the company's privacy policy. Adequacy involves the entire development of a culture of privacy in business processes, in addition to a governance program that reviews the privacy management system, also considering actions and postures related to the topic.


To understand how to start the implementation process, some main points need to be observed, starting with an in-depth study of the Brazilian General Data Protection Law (LGPD) and laws in general that regulate your business. Afterwards, a mapping of the entry and processing of personal data, as well as the risks of the treatment, must be carried out. At this stage, it is necessary to make it clear that the adequacy to the Brazilian General Data Protection Law (LGPD) it involves not only the area of ​​technology and information security, but also the areas related to legal, compliance and human resources.


In the organization phase, action plans and mechanisms necessary to support privacy and meet Brazilian General Data Protection Law (LGPD) are established. An impact report must be prepared, to then proceed with the creation of the data protection policy and adaptation of internal and external documents. After training the teams that handle personal data, the governance phase manages requests from data subjects and bodies, incidents with data, risk analysis and other related actions. The purpose of the assessment is always to verify the regulations applied to the business area, identifying the impact of privacy. An important point during compliance is to establish a matrix of responsibilities for data protection and privacy.


Finally, arriving at the improvement and continuous review phases, the company will review the controls and inspect the maintenance of the program, implementing to adapt to the Brazilian General Data Protection Law (LGPD) . At this stage, it is recommended to appoint a data protection officer, also called Data Protection Officer (DPO), who will carry out activities such as guiding the company's employees and outsourced workers regarding the practices applied, providing clarifications, centralizing the receipt of national communications with in relation to Brazilian General Data Protection Law (LGPD) and adopt appropriate measures, as well as receive complaints and communications from the holders. For this reason, it is advisable that the DPO has, in his/her competences, complementary knowledge, such as processes and legal area. The DPO, with the help of a Data Protection Committee, is also responsible for coordinating updates and monitoring the system, following its evolution.


The constitution of a Data Protection Committee, as well as the appointment of a DPO, are considered priorities in the implementation of the Brazilian General Data Protection Law (LGPD) in the company, as well as the action plan and review of current privacy policies. Depending on the business segment, other activities are also listed as priorities, but it is important to advance in these first adaptation actions, considering that the Brazilian General Data Protection Law (LGPD) is already in effect and penalties may apply.


Adaptation is necessary and the implementation of policies for Brazilian General Data Protection Law (LGPD) they should not only be seen as a mandatory routine, but as an opportunity to change the culture, generating solid values ​​in relation to data protection.


Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to implement the Brazilian General Data Protection Law (LGPD) objectively and assertively, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts according to the Brazilian General Data Protection Law (LGPD) , data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the Brazilian General Data Protection Law (LGPD) .