Since September 2020, when the LGPD (Brazilian General Data Protection Law) came into effect, all companies that process personal data have had to comply with it. This means that all organizations must have practices in place to maintain data privacy and security, considering all sectors and areas. 

The new legislation impacts all companies that process personal data of leads, customers, employees, and suppliers. Starting in August 2021, the fine for non-compliance can reach R$ 50 million per infraction. Therefore, it is vital for organizations to begin their journey towards data privacy and adapt to the LGPD (Brazilian General Data Protection Law).

What many entrepreneurs and professionals may be wondering is: who is responsible for adapting to the new law? The correct answer would be everyone in the company. However, in the case of institutions that handle a lot of data, it is important to have a Compliance team that will act on best practices to avoid sanctions and fines.

Interdisciplinary team for Compliance

LGPD is a law that governs data processing. Therefore, it is essential for a Compliance team to have professionals from the legal field, technology, C-level executives, and especially people who understand and are deeply familiar with the processes. 

the figure of Data Protection Officer, or DPOIt is essential that the DPO (Data Protection Officer) comes from any field (provided they preferably have legal-regulatory and technological knowledge, even though this has been omitted from the LGPD until now). The important thing is that this professional has a certification to perform this function, which is usually obtained through a specific DPO course.

The Data Protection Officer (DPO) is responsible for mediating between the company and the... National Authority for Personal Data (ANPD). He will also train the team to maintain the privacy of the records, as well as respond to requests from data subjects, such as changing and deleting information.

From a legal standpoint, the responsible professional must stay informed about the legislation. They should be familiar with the legal basis for data processing and keep the team informed. This work also includes drafting the [documents/documents/etc.]. Terms of Use and Policies internal and external factors regarding the privacy of data subjects.

The technology representative on the Compliance team must ensure that data collection on websites, portals, and systems is within the law. They are responsible for creating the consent banner for data use. CookiesFor example. The IT professional will also do the managing permissions the use of cookies and the correct storage of this collected data.

The Human Resources department will play a key role in complying with the General Data Protection Law. This sector handles the personal data of all company employees and needs to know the best way to maintain the privacy of this information, such as addresses, documents, bank details, and other data.

The area of marketing It should also be involved in the LGPD compliance process. Websites typically collect contact information through forms, for example. It is up to team responsible Make it clear in the form what the information will be used for and ask if the user agrees to receive emails, messages, and calls.

Start your adaptation now.

Regardless of your field of activity, if you want your company to comply with the law and avoid fines, you can start now. 

Please free trial from the Privacy Tools Privacy Management Platform and see in practice how you can to comply!