LGPD - The General Personal Data Protection Law (Law No. 13,709/18)


published on 8 October 2020 | reading time approx. 3 minutes

  

Does your company collect information from employees, clients, and/or suppliers, and does it know how to classify this information as "personal" or "sensitive"? Does your company know whether specific authorization is required for collecting, storing or even sharing this information? Is data security ensured for all accesses, software and firewalls in your company?

 

If you answered any of these questions with “no” or “do not know”, the following reading might be of interest to you:

 

LGPD – Regulatory framework

LGPD is the acronym adopted to designate the General Data Protection Law (Law No. 13709) approved on August 14, 2018 and effective since August 2020. Its main purpose is to ensure transparency in the use of personal data by any means.

 

This new legislation is based on the European GDPR and uses the fundamental rights of freedom and privacy as a guideline to establish rules regarding the collection, storage and sharing of personal data. The intention is to protect the data of individuals, with fines of up to 50 million reais to motivate compliance by companies.

 

Explicit consent is required from the data subject. That is, individuals must be clearly informed of the terms of use and the extent of the authorization, and it must be granted freely. It is also important to remember that data subjects may at any time rectify, cancel or even request deletion of their data. LGPD empowers consumers by giving them control over their data and by making it possible to punish those responsible for any damage caused by misuse of the information.

 

How can Rödl & Partner assist you in complying with the obligations arising from the new legislation?

 

LGPD – Rödl & Partner's method

Rödl & Partner has designed the Solution, which is composed of three phases: the Risk Assessment phase, the Remediation and Implementation phase and the Training and Maintenance phase. The three phases contribute to demonstrating the Company’s Accountability; they therefore reduce the risk of possible sanctions, enhancing your business.

 

PHASE 1 - RISK ASSESSMENT

It is the tool that Companies will use to examine their own situation in order to adopt the most appropriate solution for their specific case. In other words, it is a privacy audit whose purpose is to assist in identifying, formalized in a report, the situations that need to be improved, the risk level and the adequate organizational and technical measures suggested in order to bring the Company in line with the LGPD and enhance the protection of data.
   

PHASE 2 - REMEDIATION AND IMPLEMENTATION

The second phase is focused on the review or drafting of documents, procedures, systems and data processing registers, as well as on the implementation of the technical and organizational measures according to the guidelines collected in the Risk Assessment phase (such as Privacy Organisational Model, LGPD certification, training of employees).

 

PHASE 3 - TRAINING AND MAINTENANCE

This phase is focused on assistance in the maintenance and periodic update of privacy compliance, as requested by the LGPD, as well as on consultancy regarding all the relevant privacy issues and activities carried out by the Company; furthermore, it covers the adoption of automatic Self-Assessment tools to update the data protection of your company and the provision of Data Protection Officer Services.
