How can we help you
Our adequacy program is customized according to the reality of each company, regardless of its size!
The implementation from scratch consists of four steps:
1 – Consultancy and Data Mapping
To properly start the discovery and evaluation process, it is necessary to understand how the data processing flow occurs in the company.
Therefore, we will hand out questionnaires and execute an initial risk assessments in order to display a general data overview in your company.
2 - Data inventory
At this stage, all areas of the business that process personal data will be deeply analyzed – that collect, store, process, transfer or receive personal data from data subjects (customers, employees, job seekers, partners and suppliers).
3 – Adequacy
It will be necessary to adapt and develop data protection policies for all instances of personal data processing and assess whether they are adequate to meet the requirements of the LGPD. Furthermore, we will also check the legal basis for each purpose and data category.
4 - Final Report and Team Training
After the adaptation phase, it is necessary to put into practice all the new protection policies developed in the previous phase. To do that, it is necessary to raise awareness and train employees about the new changes and how they should proceed in case of doubt.
In addition, at this phase, we will also deliver a final report, so that the company can see its evolution throughout this period and have a roadmap on how it should act in the future to maintain and improve its policies.
Maintenance review (optional)
Finally, we also suggest that companies annually consult with us in order to verify the current status of the implementations taken and if any improvements need to be adopted.
Data culture is here to stay, and it's a continuous process of improvement!
We prepare and review specific documents to ensure they comply with the law.
- Data protection term (with employees)
- Internal Policy
- Cookies Policy
- Password Policy
- Adequacy of contracts with suppliers and partners (related to data protection)
- Among others
We provide specific training to companies so that employees are aware that there is a regulation that involves the processing of personal data. Objective virtual classes about the subject will be available, as well as guide book using visual law elements for greater understanding.
We are living in the information age!
Nowadays data is the new gold, as this information is easily monetized for the most diverse applications and different industries.
And whilst technology and data related industries are growing, so is the concern about the privacy and security of such data. The number of hacker and ransomware attacks, for example, have been causing irreparable damage to people's privacy, as well as to the operations and finances of companies that find themselves hostage to this crime - and that may held responsible for the leakage.
Governments around the world are preparing for these transformations and are tightening the belts, creating new set of rules and regulations on how companies must treat and protect their clients personal data.
In this scenario, the Lei Geral de Proteção de Dados (LGPD) emerges in Brazil, which its main objective is to guarantee the legal security of personal data (which has even become a fundamental right in our Federal Constitution), the standardization of rules and new regulations.
The Brazilian law now defines how personal data must be collected, processed, stored, protected and how the processing of such data must be done, and also bring some penalties, such as daily fines of up to 50 million reais.
And It applies to individuals and companies that process personal data, regardless of quantity and sector of activity. Everyone must adapt to the new data economy.
Copyright © Clark & Picollo Advogados | All rights reserved.