Although in force for some time, many companies have not yet adapted to the General Data Protection Law – LGPD and do not know what impact this can have on their business.. GDPR implementation, in addition to providing security regarding the treatment in the protection of customers' personal data, it also demonstrates the company's good faith related to the legislation, strengthening the relationship of trust with the data owners and third parties involved in the business.
Na
GDPR implementation we have, for example, the functions of the DPO (Data Protection Officer), who is one of the main professionals required by the LGPD for the management and data protection system. This professional must be independent and will serve as an intermediary between the company, data subjects and the authorities. The law also requires GDPR implementation, the adequacy of existing contracts, which dictate the sharing of personal data, whether between customers, suppliers, business partners or employment contracts.
A few main steps are recommended to start the process of GDPR implementation, starting with the study of the law and the appointment of the DPO. Then, it is necessary to recognize the data collection sources used by the company and map the risks of the treatment they receive, identifying possible risks of data leakage, to then prepare the Personal Data Protection Impact Report (RIPD), which is also a requirement of the GDPR implementation process.
The process of GDPR implementation
it also consists of creating the Data Protection Policy, as well as adapting the internal and external documents used, followed by managing customer requests and training the teams that handle personal data. This being a very important point: the implementation of the LGPD will only be successful if the teams that process the collected data are aligned and in full understanding of the law, its practices and its impacts.
Finally, the company needs to create a governance plan for data protection, thus defining a series of IT processes and actions aimed at complying with the LGPD. Furthermore, it is essential in the context of GDPR implementation that the company also requires this practice from its suppliers, otherwise, its business may be affected.
Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.