ABES and EY work in partnership to avoid LGPD's multi-million fines in Brazil

In order to educate the market about the requirements of the law, ABES and EY developed the LGPD Diagnosis tool, which demonstrates the company's level of compliance and provides suggestions on what should be changed in operations to ensure compliance with the law

ABES (Brazilian Association of Software Companies) developed, in partnership with consultant EY, the LGPD Diagnostic tool, a software that aims to help companies verify their level of compliance with the General Data Protection Law (LGPD), which will come into effect in August 2020, and complete the compliance process in relation to its requirements and requirements. The tool consists of a questionnaire through which companies can make a self-assessment regarding the different points required by the Law. Once completed, a diagnosis regarding the degree of adequacy of the company is issued, together with suggestions contextualized to the result. Access the link to self-assess your company: https://diagnosticolgpd.abes.org.br/.

“We know that the LGPD has many details that require attention, that's why we developed, together with EY, the LGPD Diagnosis with the objective of educating the market about the impacts of the legislation. Many companies are still unaware of several requirements and requirements of the Law - there is even a false conception, for example, that the LGPD only concerns consumer data, when, in fact, it encompasses all types of personal data, from customers to contributors. We believe that the LGPD Diagnosis is an extremely necessary tool in this final adjustment period, the last moment for companies to ensure compliance and avoid multi-million debts, such as those that occurred with GDPR”, explains Rodolfo Fücher, president of ABES.

The discussion regarding the use of personal data in the digital world has been gaining more and more relevance in the world market, and is currently considered a bargaining chip for business. After the creation of the General Data Protection Regulation (GDPR) in Europe, it was Brazil's turn to think about legislation that would regulate the activities for handling this information - and now, there is less than a year for companies to adapt to the new Law, changing and adjusting how they collect, store, process and use private data.

“The General Data Protection Law was created with the sole purpose of preventing abuse by companies and government bodies in the use of citizens' personal data. Being prepared for the LGPD is necessary not only to avoid fines that can reach up to 2% of the company's annual revenue up to a ceiling of R$ 50 million, but also to guarantee the rights of individuals and impose duties on organizations in relation to collection, use, retention, disclosure and deletion of personal information. With this, the law seeks to foster a new way of doing business through the development of a culture of governance of privacy risks”, comments Marcos Sêmola, EY's cybersecurity consulting partner.

To use the tool, it is not necessary, nor possible, to send personal information or information relating to the company, such as name, CPF/CNPJ, among others. After completing the questionnaire, the PDF report is available for download with information regarding the level of adequacy and suggestions for improvement – it is not possible to access this document later. The data sent anonymously related to the position of companies regarding the requirements of the LGPD will be used to produce general reports on the compliance scenario of Brazilian companies in relation to the new law. The first study is expected to be released in December.