
Second edition of the survey aims to update data related to personal data protection in Brazil and the main compliance issues

The LGPD Business Forum, a multisectoral coalition that brings together more than 100 entities representing different sectors of the Brazilian economy, announces the second edition of the Survey of Personal Data Protection in Brazil. The survey results will be released in January 2023, and will be used for statistical purposes, analysis and interpretation of data, production and publication of a public report.

The central objective of the research is to understand the main regulatory compliance pain points, listening to the productive sector to obtain information that demonstrates, among other aspects, the level of maturity of data protection governance programs, the performance of the governance areas, cyber incidents and compliance with the rights of holders.

The survey will be anonymous. That is, those interested in participating in the study will not need to identify themselves or identify the companies they represent. To contribute, simply access the link and answer a questionnaire, which will be made available from Monday, August 15th. The collection of information takes place until the 18th of November. 

For Andriei Gutierrez (ABES) and Thomaz Côrte Real (ABES), respectively Secretary General and Secretary of the LGPD Forum, at a time when the LGPD completes two years since it came into effect, it is necessary to reinforce the points of greater regulatory sensitivity and of legal security related to the Law. “The information gathered will be used to empower the LGPD Business Forum, in order to support and defend the validity of the Law”, they declare.

For Rony Vainzof (Fecomercio/SP), leader of the Legal Security Working Group of the LGPD Business Forum that conducts the research, “collecting relevant inputs from the business sector helps to reinforce the points of greater regulatory sensitivity and legal security of the LGPD, in addition to allowing statistical analyses”.

According to Adriana Esper, a member of the Forum's Legal Security WG, the new survey seeks to assess the evolution of the level of corporate maturity in relation to the Law. “We are going to cross-check the information we gather this year with the ones we collected last year, to understand just how much companies have adapted and observed the LGPD”, she explains.

In the first study, less than half of the participants had mapped personal data

In January, the LGPD Business Forum launched the first edition of the survey Panorama of Personal Data Protection in Brazil, which brought together hundreds of participating companies. In 2021, they answered a series of questions about the level of maturity of data protection governance programs and the main difficulties in complying with the LGPD; on governance in privacy and data protection; on the rights of holders; and about security incidents. Check out the highlights of the study (the full survey can be downloaded from the LGPD Business Forum website):

>> In the opinion of the respondents, the most difficult provision of the LGPD to comply with is monitoring the life cycle of the data to determine the end of its treatment. Regarding the “main difficulty” for managing a privacy and data protection program, the majority pointed to the lack of an organizational culture on the subject, as well as budget and/or personnel shortages.

>> 94,33% of respondents said they had taken initiatives to identify and plan the necessary measures to comply with the LGPD. And 36,07% of respondents expected to complete the implementation stage of actions aimed at adapting to the LGPD in the 1st half of 2022.

>> 40,44% of the participants claimed to have carried out (but not yet completed at the time) the mapping of personal data, identifying the categories of data holders, purpose and legal bases for the processing operations carried out, storage and sharing of personal data.

>> 59,02% of the companies surveyed said that all their privacy notices (or equivalent) had been updated to comply with the LGPD. And 57,38% of the respondents said that internal processes and policies had been reviewed, though still only partially, to adapt to the principles and rules of protection of personal data.

>> 72,68% of the companies surveyed said they had already adopted all technical and administrative measures to avoid incidents involving personal data (physical and logical). And 81,97% of the companies stated that they adopted measures to ensure that processes, products and systems respect, from conception, privacy and protection of personal data (Privacy by Design).

>> For 40,44% of those interviewed, there was a systematic assessment of impacts and risks to privacy and protection of personal data within the company. And 33,33% reported having carried out a Personal Data Protection Impact Report for specific cases.

>> 60,66% of Panorama respondents said they monitor compliance with their privacy standards and have procedures in place to handle privacy-related complaints and disputes. 42,08% of respondents reported conducting training related to privacy and data protection for their employees.

>> 76,19% of respondents reported having an Information Security Incident Response Plan. And only 10,82% of the companies said they had suffered security-related incidents in recent times (in most cases, the episodes were related to the interruption of services and the leakage of personal data of customers). In this sense, 42,08% of the respondents stated that training related to privacy and data protection is underway for the organization's employees.

>> 80,95% of participating companies said they had conducted vulnerability assessments and penetration tests on their personal data handling systems. However, only 66,67% of the respondents said they had a methodology to classify security incidents according to the risk to the holders of personal data. And only 19,05% of the participants of the first Panorama had some type of certification/seal, in relation to information security mechanisms.

>> 78,87% of the respondents named a person in charge of the processing of personal data (DPO) from within the corporation itself. It is important to point out that most participants reported that the DPO has legal training, combines the position with another function and reports to the Executive Board.

About the LGPD Business Forum

The LGPD Business Forum is a broad business coalition focused on legal certainty and the promotion of a culture of privacy in Brazil. It was officially created in October 2021 by a group of business entities that had been meeting since 2020 in the Business Front in Defense of the LGPD and Legal Security. Without its own legal personality, the Forum is a hub that brings together more than 100 business entities from 14 economic sectors, representing around 80% of the national GDP.

About ABES

ABES (Brazilian Association of Software Companies) aims to contribute to the construction of a more digital and less unequal Brazil, in which information technology plays a fundamental role in the democratization of knowledge and the creation of new opportunities for all. In this sense, it aims to ensure a business environment conducive to innovation, ethical, dynamic, sustainable and globally competitive, always in line with its mission of connecting, guiding, protecting and developing the Brazilian information technology market.

Currently, ABES represents approximately 2 thousand companies, which total about 85% of the revenue of the software and services segment in Brazil, distributed in 24 Brazilian states and in the Federal District, responsible for the generation of more than 210 thousand direct jobs and an annual revenue of the order of R$ 80 billion in 2020.

Access the ABES Portal or speak to the Relationship Center: +55 (11) 2161-2833. 

 
