GDPR in digital security

October 19, 2021

By André Barbosa

What should I understand and know about digital work

We live in the fourth industrial revolution. As we all know, the world is increasingly connected and our data flows, openly or not, across the global network. Although we do not always realize it, a multitude of data is being collected and stored within pre-established processes by many companies and tools, so that it becomes information that can be used intelligently in the future.

But do we use this data correctly? I have not authorized the storage of my data; what should I do? Do I also have this procedure in my company? Does my company have digital security?

A brief comparison between the past and the present

In the not-too-distant past, it was common for us to go shopping at the mall and come across someone in a store who would offer us a card. of the process, approved or denied, it was common to receive insistent calls from call centers or even an email containing a promotion for something we were apparently looking for. There are still processes like this today, but I invite you to think: where does this data go, and what is done with it?

Many companies make a living from creating databases and selling them on the market, but with current regulations and standards in force, this is no longer allowed. In general, we can see a significant drop in this mode of operation by many companies, and this can be attributed, among other things, to the new LGPD (General Data Protection Law) legislation. It changes this entire scenario within companies and answers questions about how both their own data and everyone else's data should be treated, stored and worked with. Now we should ask: how concerned is your company with this regulation?

But how does the LGPD fit with digital security, and how does it affect me?

Just as important as operating your business is knowing and understanding whether it is exposed to processes and failures, human or operational, that may result in non-compliance with this new regulation, since non-compliance may bring problems, whether financial or even legal.

Imagine that an employee of your company leaks some internal data, even if unintentionally. If the data comes from the personnel department, such as payroll, or is information about the social life of a client, what impact would this have on your business? A simple information leak can bring you a fine ranging from 2% of your revenue up to R$ 50 million for an infringement, and data blocking and compensation of the data subject who was affected by that leak may also occur.

The LGPD came to add to digital security and its processes for protecting personal data, as it establishes a series of roles and controls that must be understood and applied with great care and responsibility. Your employees, in turn, must understand their role within the organization and how they can help prevent or cause an incident when requesting, processing, storing or passing on information about each customer or person. One way to aid this understanding is to apply information classification, which should be an internal company policy that trains all employees and helps them understand what level of information can be communicated, to whom it can be communicated and how it should be done.

Regardless of the sector your company operates in, you will need to store data. Even if it is not the data of any customer, it will be the data of your employees. The LGPD does not extend only to the treatment of your customers' data, but to that of any natural person.

— André Barbosa is a Senior GRC and Information Security Consultant at Safeway

Safeway and its positioning in the market

Safeway is a consulting company specialized in the Information Security segment and recognized for excellence by our clients, adding knowledge and bringing strategic actions to the business. Our consulting base, together with our processes and certifications, earns us recognition and adds credibility for our customers.

Even though there is no 100% safe way of acting or of predicting the most varied types of situations, a specialized consultancy focused on the topic can help you discover flaws and adjust processes, filling these security gaps and correcting processes that are in non-compliance. This ranges from procedures and basic principles, such as specific training on Information Security (SI), to the creation and application of an Information Security Master Plan (PDSI).

Considered a One Stop Shop, we have everything you need with the quality you deserve.