As a company that deals with user data on a daily basis, it is essential to be up to date with the new LGPD regulations. After all, assuring customers of the security of their data is paramount.
It is not an easy task to restructure a company's processes, but businesses that wish to operate in compliance with the law when it goes into effectLGPD, need to work on a compliance project to structure the handling of the data collected according to the new privacy and freedom rules.
Therefore, here are some steps to help your company comply with the law and avoid problems such as data leakage, penalties, and users' distrust in your brand. Check them out below!
Make a diagnosis
To implement a new process you need to know the current path that people's information takes in your organization and the lifespan of this data, from collection to storage and use.
You need to find out where this data is, what systems store it, or what documents or forms are stored. Take the opportunity to review what you should keep.
A data mapping tool, can design questionnaires in order to get a "resume" of your operation. Some key questions for the questionnaire are:
- How much data is being handled?
- What type of data is being handled
- Who is responsible for the data?
- Why was the data collected?
- What is the legal reason for continuing to process the data?
- How long will the data remain in the company's database?
By locating this data, it is easier to review the information in accordance with the LGPD and to trigger the responsible department if necessary. Depending on the size of the organization, it may be advisable to hire the services of a consulting firm.
Assemble a team
To do the data collection, it will be essential to count on people in your team who deal with data on a daily basis. Teams such as Legal, IT, commercial, HR, marketing, sales, and finance will have fundamental knowledge about processes and systems used that will help in the diagnosis of your company.
Once this is done, it's time to define the data handling agents. They will be responsible for making contact with customers, internal public and with the regulatory agency, the National Data Protection Authority - ANPD.
The implementation of this team will depend on the stage of development of the company. It may be necessary to hire staff to do these functions, to adapt current employees, or to rely on third-party companies that specialize in data protection.
Prepare an action plan
With the help of your team or partners, put together an implementation plan indicating changes, ways to implement the new process, a schedule of actions, and who will be responsible.
Once the action plan is implemented, it is essential to monitor your organization to ensure that the result is maintained over time.
By monitoring the action plan, further adjustments will be necessary until the process is clean and working properly.
Choose tool and strategic partners
How to manage all this process change in a company? This work can be done with the creation of an internal system, or with the use of a third-party platform that exclusively performs data management. There are also specific tools for each of the pillars that make up the new law.
LGPDY, for example, is focused on the user consent pillar. Through a popup on the site, we inform the customer about the cookies used and the information that is collected, giving the customer the option to accept or refuse data sharing.
You can scan the cookies used on your site and find out whether they comply with the law and also 30-day free trial.
Be transparent with your customer
Don't forget that the goal behind this change is to increase companies' security and transparency with society. This way, your customer will be able to question the status of their data and even request the deletion of everything.
Facilitate the communication channels with the public and keep an open and clear dialog with your customer.
A transparent relationship will be good for both sides.
The adaptation of the company to the LGPD is an intense and complex work, but it is worth it so that you do not have problems with the legislation and do not put at risk, customer information.
Perhaps a data privacy management system can be a great ally in this process and help you act in compliance with the law. Contact our team and get to know our solution.
And if you want to learn more on the subject, you might like to know about our eBook "A Guide to LGPD or if you prefer, we have an introductory course on the subject, to enroll, just click here. click here!