DATA PROTECTION, INNOVATION AND TECHNOLOGY
Mapping of the procedures and policies adopted by the company regarding treatment of personal data
The General Data Protection Law (Lei Geral de Proteção de Dados, “LGPD”) was enacted on August 14, 2018 and will take effect in 2020. All operations for treatment of personal data carried out by individuals or legal entities, in the public or private sector, will be subject to the LGPD, irrespective of the medium (physical or digital), the country of headquarters or the country where the personal data are stored, provided that: the treatment operation is carried out in Brazil; the treatment of the personal data is intended for the supply of goods or services to individuals in Brazil; the data treated pertain to persons located in Brazil; or the personal data were collected in Brazil. Therefore, even if the company is domiciled abroad, it can be subject to the LGPD, except if the treatment of personal data is exclusively for: (i) artistic, journalistic or academic purposes; or (ii) public security, national defense or security of the State, or activity to investigate and deter crimes.
The compliance with the new rules on data will cause a veritable change in culture to be adopted by companies, since they will have to form multidisciplinary teams responsible for obtaining the engagement of all employees and outsourced workers that have a direct relation with the business activities carried out. In the final analysis, the rules on protection of personal data can in some way be violated at all links in the productive chain, causing liability of the company.
The Data Protection Team of Schmidt, Valois, Miranda, Ferreira & Agel is prepared to support companies in this compliance process, which demands mapping the entire flow of data within the company and its commercial partners. The work of SVMFA also includes identification of the existence of treatment of personal data in social networks and the company’s website, analysis of gaps in the communication processes, preparation of impact and crisis management reports, as well as assistance to establish effective control policies and mechanisms for compliance with the data protection rules.
How we can help:
- Mapping of the procedures and policies adopted by the company regarding treatment of personal data.
- Mapping of practices to prevent leakage of personal data.
- Creation of good practice policies, refinement of documentation for compliance with the LGPD and GDPR.
- Orientation for selection of the Data Protection Officer (“DPO”).
- Preparation of impact reports and crisis plans.
- Conduction of training sessions for engagement and awareness of employees and outsourced workers.