DPO as a Service / DPO Support
- We act as “DPO as a Service,” outsourcing the Data Protection Officer role and conducting all activities within the company, data subjects, and the National Data Protection Authority (ANPD).
- We advise and trainning the company’s internal Data Protection Officer in their activities.
- We handle administrative proceedings before the ANPD and other regulatory agencies.
Management Tool / LGPD Platform
For managing our clients’ LGPD compliance projects and privacy and data protection programs, our office provides a platform that includes:
- Questionnaire for mapping data processing operations
- Management dashboard
- Implementation checklist
- Integration APIs
- Document library
Is your company prepared for the LGPD?
On August 14, 2018, Law No. 13,709/18, known as the General Data Protection Law (LGPD), was enacted, aiming to regulate the processing of personal and sensitive data of users in Brazil. On December 28, 2018, Provisional Measure No. 869/18 was issued, creating the National Data Protection Authority and postponing the effective date of the LGPD to August 1, 2020
However, due to the Covid-19 pandemic, the effectiveness of the LGPD came under discussion between the Chamber of Deputies and the Senate through Provisional Measure No. 959/2020 and Conversion Bill No. 34/2020. The Federal Senate unanimously voted on the matter on August 26, 2020, rejecting the postponement and calling for immediate enforcement.
What types of data are subject to the LGPD?
Any and all types of data that identify or make an individual identifiable, including registration data, genetic data, biometric data, physiological data, mental data, location data, economic data, cultural data, social data, among others. It is important to note that the LGPD also covers data collected before the law was enacted.
What is Data Processing?
According to the definition provided by the LGPD itself, data processing refers to any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction. Therefore, it is easy to see that virtually all companies will be subject to the obligations contained in the law, which is essential for companies to comply with the regulations.
How can we assist your company in this process?
To understand how to comply with the regulation, our work is divided into three distinct phases, which can be contracted together or separately:
- Assessment: In this phase, a general and detailed evaluation of the impact of the law on the company is conducted, diagnosing what needs to be adapted to meet the necessary requirements and identifying areas of concern.
- Governance: This phase involves the development of an Action Plan, process adaptation, policy definition, and formalization of Governance.
- Monitoring: This phase includes support for the Data Protection Officer (DPO), training, compliance auditing, testing, and assessments.
What are the consequences for companies that do not adapt?
In addition to being held liable for losses and damages, companies that do not adapt may face severe administrative sanctions that could even make their business operations unfeasible. Apart from the substantial fines, the deletion of certain data or the public disclosure of the violation can jeopardize an entire business or damage a company’s reputation.
What are the benefits of adapting as soon as possible?
By adapting now, companies can test all procedures with the peace of mind that no administrative sanctions will be applied. Furthermore, when the law comes into effect, companies will have fully regulated databases and will have already implemented all the necessary procedures to comply with the regulations, without the risk of non-compliance.
GUIDE FOR DOWNLOAD: General Data Protection Law