LGPD is good for business
This Wednesday at ABPI’s 40th International Congress on Intellectual Property, speakers Alex Bermudez, from Onetrust, Carla Manso, from Compugraf, and Lucas Gobbo, from AB Inbev, agreed that the General Data Protection Law (LGPD) will not hinder business but, on the contrary, can even help companies. They joined the panel “Challenges and best practices for the protection of personal data under the LGPD”, mediated by counselor Renata Lisboa, from ABPI.
In his presentation, Bermudez focused on the use of technology to implement an LGPD program in companies. He listed the principles that must be observed: purpose, adequacy, need, free access, data quality, transparency, security, control, prevention, and non-discrimination. According to him, data processing agents should implement technical and administrative security measures to protect personal data from unauthorized access, destruction, loss, or any form of improper or illicit treatment. “Companies have to remember that the awareness of their employees is essential to ensure a safe and effective data policy”, he said.
The representative of AB Inbev explained how the process of implementing a data processing system took place within the company. AB Inbev, the largest brewery in the world, based in Belgium, relied on European legislation, which is considered one of the most rigorous in this regard. For Gobbo, when companies have to comply with data protection legislation, they are obliged to organize their data internally, which, before being a problem, can be an opportunity. “The organization of the data can serve to foster the economic and technological development of the company, as it will show a value that was hidden”, he explained.
On the other hand, companies are facing the challenge of implementing privacy governance and data protection program, which, according to Gobbo, is complex and does not happen overnight. According to him, this governance should be based, among others, on the commitment of the entire organization, the adequacy to the structure and volume of operations, as well as the sensitivity of the data processed. It must also implement policies, and safeguards, establish a relationship with the data subject and have plans and responses to cases of accidents in the treatment of data.
For Carla Manso, from Compugraf, privacy and information security go hand in hand. “There is no point in having a data management tool without an information security system”, said Carla, for whom the support and awareness of all employees in the process of adapting the company to the LGPD are essential. For her, the implementation of the data protection system, regardless of the legislation, is continuous and permanent. “It is not a project, it will never end, but it will continue to constantly improve features within the company”, she said. “LGPD is a living law and people will have to internalize this new culture”.
You can review this lecture at any time by accessing the Congress website and logging in to the link.