“We know that the LGPD has many details that require attention, that's why we developed, together with EY, the LGPD Diagnosis with the objective of educating the market about the impacts of the legislation. Many companies are still unaware of several requirements and requirements of the Law - there is even a false conception, for example, that the LGPD only concerns consumer data, when, in fact, it encompasses all types of personal data, from customers to contributors. We believe that the LGPD Diagnosis is an extremely necessary tool in this final adjustment period, the last moment for companies to ensure compliance and avoid multi-million debts, such as those that occurred with GDPR”, explains Rodolfo Fücher, president of ABES.
The discussion regarding the use of personal data in the digital world has been gaining more and more relevance in the world market, and is currently considered a bargaining chip for business. After the creation of the General Data Protection Regulation (GDPR) in Europe, it was Brazil's turn to think about legislation that would regulate the activities for handling this information - and now, there is less than a year for companies to adapt to the new Law, changing and adjusting how they collect, store, process and use private data.
“The General Data Protection Law was created with the sole purpose of preventing abuse by companies and government bodies in the use of citizens' personal data. Being prepared for the LGPD is necessary not only to avoid fines that can reach up to 2% of the company's annual revenue up to a ceiling of R$ 50 million, but also to guarantee the rights of individuals and impose duties on organizations in relation to collection, use, retention, disclosure and deletion of personal information. With this, the law seeks to foster a new way of doing business through the development of a culture of governance of privacy risks”, comments Marcos Sêmola, EY's cybersecurity consulting partner.
To use the tool, it is not necessary, nor possible, to send personal information or information relating to the company, such as name, CPF/CNPJ, among others. After completing the questionnaire, the PDF report is available for download with information regarding the level of adequacy and suggestions for improvement – it is not possible to access this document later. The data sent anonymously related to the position of companies regarding the requirements of the LGPD will be used to produce general reports on the compliance scenario of Brazilian companies in relation to the new law. The first study is expected to be released in December.