Research & Development

LGPD Enhanced Security: How to have data control in the digital age

Dec 09, 2019 | 1369 views

The security with which our data is acquired and stored is one of the fundamental issues of our society as we live in the digital age. In practice, everything is stored in the virtual universe, cloud or local physical storage, whether it's photos, payment methods, documents or other sensitive personal information, which has aroused the interest of malicious people to break down technological barriers to take over. of this data.

Recently, Facebook stated that approximately 50 million accounts had been hacked, reinforcing the perception of vulnerability and lack of control and management over its customers' information.

The forerunner of GDPR was the General Data Protection Regulation (GDPR), a European law, published in 2016, to protect the personal data of European citizens on digital platforms. 

What has to be realized is that corporate IT areas are moving and seeking to lead the issue, while engaging other internal areas that are key in the processes of processing and using personal data from customers, business partners, and partners. business and employees. To avoid potential bottlenecks with applying the GDPR, a good data strategy involves developing a journey that goes through the following topics:

Advisory support: understanding the situation in which the company finds itself, analyzing the scenario in the light of the new law;

Data mapping: discovery of data adherence to GDPR, structuring and qualifying data by type, volume, risk and other criteria;

Analyze the impacts of data processing: evaluate the impacts of the data processed, mapping the life cycle of the information received in the business processes of the company, taking into account the barriers to achieve the proposed objectives. Also determine the standards required to adapt the information in accordance with GDPR, and suggest data protection and contingency measures in cases of breach;

Practice: implementation of data processing procedures regarding processes and technology;

Follow-up: monitoring, following guidelines of the National Data Protection Authority (ANPD) and other related bodies.

Being avant-garde before this new regulation requires not only technical criteria, but tact to deal with abstract consequences that permeate legal issues. The best corporate choices will be based on the balance between theory and practice, always taking into consideration the complete view of each case.

It should be borne in mind that information has become the main currency in the digital economy, with immense value to personal data. I believe that the priorities of the implementation of the Data Law should be security, mainly using and leveraging compliance to achieve maximum data governance efficiency.