The General Personal Data Protection Law (LGPD) comes to protect the fundamental rights of freedom and privacy and the free formation of the personality of each individual. Has as main objective is to regulate the use of data, in order to promote the protection of the rights and privacy of people who have their data collected by organizations. Hence the importance of compliance with GDPR for the protection of personal data.
A compliance with GDPR will cause great impacts for companies, mainly in commercial and consumer relationships that collect data. This is because the care with the flow of information operation will be redoubled, and therefore, it is important to pay attention to the implementation of technical and organizational measures that respond satisfactorily to the requests of data subjects.
During the compliance with GDPR
It is important to note that the ANPD (National Data Protection Authority) penalties are already being applied. The LGPD provides for a simple fine of up to 2% of the revenue of the legal entity, group or conglomerate, limited to R$50 million per infraction. In addition, other non-pecuniary sanctions, which can cause major impacts on companies.
In view of this, we leave some ideal practices for the compliance with GDPR, which aim to increase the maturity of the company's security regarding the treatment of personal data. Create one internal privacy policy adhering to the LGPD and adapting internal and external documents, training and raising awareness among IT teams in understanding the LGPD and other laws relating to the company's activities, creating a mapping with all user data handled by the company, assessing whether it is really necessary to keep them stored, technically analyze the security infrastructure, revisit the systems and processes that allow adequate data transparency and always request user consent.
Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.