We’ve been hearing about the General Data Protection Law (LGPD) for a long time, right? It came into effect here in Brazil in 2020, but the sanctions defined by the new law began to apply in August 2021. This means that companies that do not respect the LGPD may, from now on, receive warnings and even pay fines of up to R$50 million.
The LGPD has rules for collecting, processing, and storing people’s data. Of course, the first concern here is related to digital content – all the time, we capture data on the internet (and give ours away). And this conversation has everything to do with the Internet of Things, as these projects involve (a lot of!) steps of collecting and handling information. Therefore, we decided to gather quick and essential tips for your company to adapt to the new scenario.
Do people know what data we collect?
First (and perhaps most important) point: do people know what data your company collects? All people who, in some way, relate to the organization give information, but do they know which? And, if they know, are they in agreement with this?
You must have authorization from people to collect, store and process data. And this is true not only for your company’s end customers but also for the entire supply chain – the LGPD also applies to relationships and processes with suppliers.
If, due to the volume, it is not possible to obtain individual authorizations, one way out is to always keep the information anonymous.
How to work the data?
Does your company know what data is collected? Does it work with users’ names, ID numbers, bank details? This is the first step: understanding what information is handled within the company.
Once you do, you know what data the company collects from users, customers, partners, and employees. Now it’s time to understand how this information is stored and handled. The tip here is to keep a large inventory of this data to map how it is handled and processed.
Is the information secure?
Security is the foundation of any IoT project from day zero. A study by 451 Research shows that 55% of IT professionals consider this their top priority – we talk more about it in this text.
With the LGPD, this care needs to be doubled, and technology is a great ally. It is worth investing in implementing a good security program capable of guaranteeing the privacy of information and the management of this data.
Relying on good security practices also helps minimize damage from possible unforeseen events. Make sure your company has a good vulnerability management plan, that is, test the security of your projects all the time so that you can detect any problems more quickly. Just as companies advance in security, so do cybercriminals.
Who oversees LGPD within the company?
The new rules are here to stay. So, in addition to adapting all the company’s processes to this new moment when the law comes into force, it is necessary to ensure that maintenance will be carried out. In other words, it is essential to have a team focused on these issues in the long term – following changes in the scenario, ensuring security, and so on.
If you can’t have people dedicated to these roles, it’s worth thinking about an essential “checklist” of actions to be revisited from time to time. All in order not to lose sight of the most important thing: the LGPD is here to stay, and we must always be aware of how we store, collect and work with information. This is the point of no return. Is your company prepared?
If you still have questions about dealing with the LGPD, don’t worry! No need to become an expert on the subject! Our teams at Logicalis and EUGENIO are prepared to take care of everything for you. If you have any questions, please get in touch with us here.