privacy and
data security

The implementation from scratch consists of four steps:  

1 – Consultancy and Data Mapping 

To properly start the discovery and evaluation process, it is necessary to understand how the data processing flow occurs in the company.

Therefore, we will hand out questionnaires and execute an initial risk assessments in order to display a general data overview in your company.

2 - Data inventory 

At this stage, all areas of the business that process personal data will be deeply analyzed – that collect, store, process, transfer or receive personal data from data subjects (customers, employees, job seekers, partners and suppliers).

3 – Adequacy  

It will be necessary to adapt and develop data protection policies for all instances of personal data processing and assess whether they are adequate to meet the requirements of the LGPD. Furthermore, we will also check the legal basis for each purpose and data category.  

4 - Final Report and Team Training  

After the adaptation phase, it is necessary to put into practice all the new protection policies developed in the previous phase. To do that, it is necessary to raise awareness and train employees about the new changes and how they should proceed in case of doubt.

In addition, at this phase, we will also deliver a final report, so that the company can see its evolution throughout this period and have a roadmap on how it should act in the future to maintain and improve its policies.

Maintenance review (optional) 

Finally, we also suggest that companies annually consult with us in order to verify the current status of the implementations taken and if any improvements need to be adopted.

Data culture is here to stay, and it's a continuous process of improvement! 

Some companies already have a privacy policy and prefer to receive a one-off external consulting/audit. We carry out this service by preparing a risk report, pointing out the most emerging ones with suggestions for adjustments.

We prepare and review specific documents to ensure they comply with the law. 

• Data protection term (with employees) 
• Privacy Policy  
• Internal Policy  
• Cookies Policy  
• Password Policy 
• Adequacy of contracts with suppliers and partners (related to data protection)
• Among others

We provide specific training to companies so that employees are aware that there is a regulation that involves the processing of personal data. Objective virtual classes about the subject will be available, as well as guide book using visual law elements for greater understanding.