Data Protection Deployment

The Brazilian personal data protection law 13,709 of 2018 is known as LGPD – General Data Protection Law. And it comprises the following themes:

1. Purpose: Legitimate, specific, explicit and informed purposes to the personal data holder, without the possibility of incompatible subsequent processing
2. Adequacy: Compatibility of processing with the purposes informed to the personal data holder, according to the context of the processing
3. Necessity: Treatment restricted to the minimum necessary to achieve its purposes
4. Free access: Guarantee of easy and free consultation on the completeness of personal data, form and duration of processing
5. Data quality: Guarantee of accuracy, clarity, relevance and updating of data according to the need and purpose of processing
6. Transparency: Guarantee of clear, precise and easily accessible information about the treatment, observing commercial and industrial secrets
7. Security: Use of technical and administrative measures capable of protecting personal data from improper access, leaks, etc.
8. Prevention: Adoption of measures to prevent the occurrence of damage due to the processing of personal data
9. Non-discrimination: Impossibility of carrying out processing for discriminatory, illicit or abusive purposes
10. Responsibility and Accountability: Adoption of effective measures capable of proving compliance with personal data protection standards
11. Penalties: Simple fine, up to 2% (two percent) of revenue, limited to R$50 million per infraction

It is necessary to implement a Data Protection and Privacy System that includes a methodology, a strategy and a set of policies and procedures and several technical and other tools (software, checklists, tests, questionnaires, etc.)

To implement the system we use 5 steps:

1. Privacy and Data Protection Preparation
2. Organization of Privacy and Data Protection 
3. Implementation of Privacy and Data Protection
4. Privacy Governance and Data Protection
5. Assessing and Improving Privacy and Data Protection 

It also includes the definition of roles and responsibilities provided for in the LGPD and training of teams involved in the implementation and operation and monitoring of activities relating to the generation, reception, processing, storage, transmission and deletion of personal data of employees, customers, suppliers and any other entities involved in the company’s value chain.