According to the rules of the LGPD, companies that handle customer data must nominate in the
compliance with GDPR, a new professional called DPO, or Person in Charge of the Processing of Personal Data. According to the terms of the law, this professional will have the function of receiving complaints from customers about misuse of data, provide clarifications and adopt measures to solve problems related to the subject, guide employees on the legal ways of handling third-party data and receive communications from the National Data Protection Authority.
Basically, in compliance with GDPR, the DPO will monitor the entire life cycle of the data that travels through the company and must carry out a complete mapping of all its circulation. The professional will be involved in all the company's projects, also acting as a decision maker in data manipulation.
The first step for the DPO to act in the compliance with GDPR it is to understand the context of the company, to know the interested parties and to make the employees aware. Well without to engage everyone, the LGPD becomes just another bureaucratic tool within the organization. In a second moment, he will carry out the risk assessment, seeking the main sources of risks related to the protection of personal data and information security within the company.
And for the DPO to act successfully in the compliance with GDPR, in the third step it implements the action plans raised in the previous steps, starting the preparation of the Privacy Policy, the Information Security Policy and the adequacy of related processes and procedures.
The DPO plays a management-level role in compliance with GDPR, being responsible for compliance with the strategy, implementation and maintenance of governance processes, risk management and compliance inherent and related to data protection and privacy.
The existence this professional journey na compliance with GDPR not mandatory, but recommended for all companies dealingm with personal or sensitive data. Although the definition of a position is a decision of the company, if sought by the Public Ministry or other competent body, the presence and responsibility of this professional may be required.
Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.