Data protection is the theme of the ABES, IBM and Opice Blum event

Privacy Summit Brazil discussed the impacts of the GDPR

Three days before the General Data Protection Regulation (GDPR) came into force, a set of specific rules dealing with the protection of personal data, applicable in all organizations established in Europe and doing business in the European territory, There are still many doubts about the impacts and how Brazilian companies should prepare to fit.
 
To discuss the topic, ABES, IBM and Opice Blum, held today (21) the Privacy Summit Brazil – GDPR, at the IBM headquarters, in São Paulo. Marcelo Braga, vice president of Cloud at IBM Brazil, opened the event by reinforcing the importance of discussing the topic. "Companies that adapt more quickly and that carry this image that they are companies that respect data privacy will have a competitive advantage."
 

Jurist João Ferreira Pinto

Subsequently, the new international regulations and the impact on business were addressed by Portuguese lawyer João Ferreira Pinto, a special guest. In his presentation, he spoke of the chronology of actions that resulted in the GDPR and the importance of the DPO (Data Protection Officer) function. According to the regulation, this professional will be mandatory for both the public administration and for companies that work with large amounts of data or data considered sensitive. He estimates that in the European Union alone, the demand for the function is already 70,000 professionals. “It's not a profession, but a function. The person in charge has to combine qualifications to be able to discuss both legal and technological requirements”.
 
The jurist believes that the GDPR will be valid for the next 20 years. “With the digital economy, people are more vulnerable with regard to their data. The European regulation requires companies to document all data processing operations and will contribute to the creation of cooperation mechanisms for information governance and the fight against fraud. We remind you that sanctions are foreseen for extremely heavy companies. However, the path is made by walking, as it is a process. The world will not end on the 25th. Time to remain calm and protect your company's data”, he highlighted. The speaker also presented the digital agenda for Europe, a strategy that will be implemented by 2020, as planned.
 
Privacy in the 21st Century
 

Cristina de Lucca, Renato Opice Blum, João Rocha and Andriei Gutierrez

“Privacy in the 21st Century” was the theme of the first panel, which brought together journalist Cristina de Lucca; lawyer Renato Opice Blum, coordinator of Insper's Digital Law Program; IBM Brazil's Cybersecurity executive, João Rocha, and Andriei Gutierrez, coordinator of the ABES Regulatory Committee.
 
“What I'm seeing happening is more and more data leakage. Nobody wants it, but there is vulnerability. Will legislation be able to meet expectations? I hope so. Legislation in Brazil is still dispersed and citizens need to pay attention to what they themselves publish on social networks”, emphasized Blum. “It takes thinking for safety. From the conception of the projects, the company has to think about protection and security, what we call security by design, and have a response area for incidents. There are even organizations purging all the data kept from customers and starting from scratch, based on the new GDPR guidelines, to be in compliance”, pointed out Rocha.
 
“This is a theme that has been very active at ABES. One of our concerns is legal and regulatory security. It is an extremely important topic for Brazilian social and economic development. I would venture to say that we need a national pact for privacy,” said Gutierrez. He also commented that companies need to understand that the GDPR does not only affect the businesses of technology companies, but also organizations from all segments that deal with data from Brazilians and European citizens, in terms of European regulation.
 
Privacy in a world without borders
 

Francisco Camargo, Viviane Maldonado, Ana Paula Bialer and Fábio Rua

Francisco Camargo, president of ABES, moderated the second panel that addressed the theme "Privacy in a world without borders", and which included the participation of Fabio Rua, director of Government Relations and Regulatory Affairs for Latin America at IBM; Judge Viviane Maldonado, from the TJSP; and the public policy consultant of the Information Technology Industry Council, Ana Paula Bialer.
 
“The North American model is sectoral, there is no single regulation. There, the system is decentralized. The European model is unified. This aspect alone demonstrates the difficulty of harmonizing. In practice, this harmonization will take place through legal instruments that will have to be locked in by these countries, through agreements and even through diplomatic channels”, explained Viviane.
 
“Do we need to be inspired by the GDPR to really ensure that Brazilians' data is protected and that the Brazilian economy is in line with best data protection practices? What worries me a little is not asking this question beforehand about other models that are out there and that, perhaps, due to the specificities of Brazil, might be more appropriate”, said Ana Paula.
 
"I am concerned about Article 27 of the regulation, which affects any company, even outside the European Union," said Camargo, noting that the GDPR reaches both large, medium and small companies worldwide, despite the regulation being centered on the processing of data from European citizens.
 
“We have two projects in Brazil, one in the Chamber and the other in the Senate, which do not advance. I think this is the time to assume the text that provides the best answers to the population's concerns and make it move forward”, said Fábio Rua, who also highlighted the principles of IBM, which has already adapted its policy and strategy to the GDPR.