There are still many doubts in the market about how to develop a compliance with GDPR. The main question is whether all companies need to carry out the adequacy and the answer is: if a company processes personal data of holders located in the national territory, directly or through third parties, for economic purposes, is obliged to comply with the Law.
In view of this, companies need to register all data processing operations in the compliance with GDPR, providing ways to adopt measures aimed at information security, as well as greater so that holders are able to demand their rights. For simplicity, we expose the three basic pillars for compliance with GDPR: people, processes and technology.
With regard to Persons, it is important to point out that the law regulates that, in compliance with GDPR, companies must appoint a DPO – Data Protection Officer. This position can be occupied by an internal employee or outsourced companies, as long as they have legal and technical knowledge in data protection. The DPO's role is to monitor the effectiveness of privacy procedures, train and train the internal team and be the communication channel between the ANPD, the company and the data subjects. In this pillar of people, we also have data subjects.
Another basic pillar in compliance with GDPR are the Processes, where the data flows are mapped and the data life cycle in the company is understood, and this information is the basis for the analysis of adequacy and compliance of operational practices with a data privacy policy and with the LGPD. In this pillar, the Data Governance Framework plays a significant role in the processes of compliance with GDPR.
The last basic pillar in the compliance with GDPR, and not least, is Technology. She is the one who ensures the management of risks related to Information Security. Thus, periodic vulnerability analyzes are carried out, following preventive data protection measures. The Law requires that an Information Security Management System - SGSI be maintained, based on technological and legal requirements and on the risks to which the organization is subjected.
In addition to the basic pillars for adapting to the LGPD, it is recommended that companies that are starting the process, prepare an Action Plan for implementation and compliance with GDPR. It is important to keep in mind that there is a need for collaboration from various sectors of the company and thus, the multidisciplinarity becomes essential to understand the pillars that permeate the processes for the compliance with GDPR.
Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.