Companies have until August 2020 to adapt to the new rules
In August 2018, Brazil became part of the group of countries that have a General Personal Data Protection Law (Law No. 13.709/2018 - LGPD). 1 The purpose of the law is to guarantee more privacy and control over the data of the holders with the intention of preventing misuse by third parties. With this regulation, companies must begin to prepare to adapt routines, processes and policies to the new requirements. For this, they bought time until August 2020 to comply with this regulation.
Due to the relevance of the subject, Senior, a reference company in technology for management, offers consulting and guidance for companies that still have doubts about the suitability and the processes they need to implement.
A current concern of entrepreneurs from the most varied segments is how to start implementing these standards within the company. Senior's Head of Business Consulting, Leandro Branco, highlights that for companies to adapt, it is important to take three points into consideration: governance, education and technology.
“Data governance involves internal processes that need to be readjusted and followed. Education concerns the awareness of employees and how each employee has a fundamental role in dealing with information security. And as a third point comes technology, which implies a good management of personal data. And, in this aspect, companies need to understand what kind of tool they should hire”.
Leandro explains that based on this legislation, organizations will need to evaluate and review internal procedures, establish a body responsible for Information Security and appoint a person in charge of processing personal data, among other measures and control mechanisms. He reinforces that companies should use the moment to their advantage, adapting to the new rules from now on. For this, it is necessary to be within the law and to know what its greatest impacts will be.
Failure to comply with the obligations provided for by law may result in a warning, fine or even a total or partial ban on activities related to data processing. Fines are high and can reach up to 2% of turnover, limited to R$ 50 million per incident.
EN 
PT 
