In August of next year, it will come into effect... General Law of Data ProtectionWith less than a year to go before the LGPD (Brazilian General Data Protection Law) comes into effect, Brazilian companies that collect and process personal data must begin the adaptation process.

At this stage, organizations are seen in various groups when it comes to their level of compliance. Which group does your company belong to? Check out the main ones and what you should do to take the next step and avoid headaches from the LGPD (Brazilian General Data Protection Law) next year.

Leading companies

They are a benchmark in the market when it comes to data protection and privacy. Some are already compliant with the GDPR, the European data protection law, due to their multinational nature.

These companies share their knowledge on the subject, and some offer solutions to help others comply. They already have a culture of undertaking projects that align with the concept of privacy by design e privacy by default (Privacy by design and by default).

Next step: Educate the market further on the subject and use the law as an opportunity to grow.

As “early adopters”

As soon as the law was passed, these companies began seeking information and looking internally to understand how personal data is handled. The company's team early adopting They are already attending lectures and courses, reading articles online, and testing tools that will help in the compliance process.

These are businesses that will not be negatively affected by the law coming into effect, as they are already preparing for it. Over time, they will notice the advantages of data protection for organizing company information and for transparency in customer relationships.

Next step: To put into practice the concepts required by law and to guide employees on the importance of data protection.

Skeptical companies

The idea that the LGPD (Brazilian General Data Protection Law) won't "catch on" is something defended by skeptical companies. They will only start to comply when they see that it can cause financial and reputational damage, that is, when they see other businesses suffering penalties.

They know the law will come into effect next year, but they haven't started yet. data mapping and they will leave any necessary adjustments until the last minute.

Next step: To better understand the law and seek information about the advantages of data protection in large companies.

Conservative companies

The businesses that are part of this group have also not taken any action to comply with the General Data Protection Law. They are waiting for other companies to do so and prove the results.

In the opinion of those who run this type of company, it's not worth investing time and resources in compliance without a guarantee that the effort will be worthwhile. They are continuing with their routine as normal until they are certain that something needs to be done regarding data protection.

Next step: Seek advice from a consultant, such as a DPO or specialized lawyer.

And which category does your company fit into? Tell us in the comments!