*By Ramon Ito, Partner and Privacy Leader at Safeway.
Source: https://economiasp.com/2023/04/21/lgpd-um-pagar-para-ver-que-pode-sair-caro/
Despite the period of more than two years between the General Law on Protection of Personal Data (LGPD) come into effect and the fines start to be applied in March of this year, most companies did not comply with the rules and are waiting for events to unfold to make a decision whether to comply or not. However, this fictitious economy can have, in addition to financial costs, reflections on business and customer relations.
The first point of alert is that transparency and compliance in commercial negotiations have an impact on how institutions are seen by both clients and partners. When looking for partnerships, large companies are very cautious. They want to be sure that their allies are in compliance with financial and tax obligations, and have an ethical code that governs their actions. And with the LGPD it is no different, organizations are looking for partners that protect the data and information that will be shared. Even if your business is penalized for lack of diligence and knowledge of the new law, the message that will be sent to the market and your customers is that you had bad faith in the way you handled data. This reputation can result in a loss of customers and therefore income.
Despite the implementation challenges, the LGPD can bring significant benefits to companies. Customers' trust in an organization can increase if it complies with the law, demonstrating its concern for privacy and data protection. Furthermore, compliance demonstrates that the company is organized and respects the rights of individuals. Investing in the LGPD could result in better data processing efficiency, as well as digital transformation, ethics and transparency. The risk of security incidents that could financially harm the company and damage its reputation can also be reduced by companies adopting data protective measures.
If your company has not yet begun its legal compliance journey, this could be a crucial time to do so. Compliance with the LGPD requires a comprehensive and integrated approach, which involves the participation of various areas and specialized professionals, there are specialized institutions that can provide the necessary support and help to think about actions such as:
1 – Gather teams and map internal data processing operations;
2 – Review privacy policies, contracts and terms of use;
3 – Guarantee the rights guaranteed to the data subject;
4 – Describe the security mechanisms of databases;
5 – Develop a report on the impact of data protection and rules of good practice and governance;
6 – Appoint a data protection officer (DPO) and carry out periodic training to ensure good practices in the processing of personal data.
Adherence to the LGPD is not just a legal requirement, it is also a safeguard and investment in an organization's operations and future. Going beyond the amount of the fine, it is necessary to take into account all the potential issues that non-compliance with the law could result in, such as business losses, legal proceedings and financial sanctions that could seriously affect the future of the company. Therefore, investing properly in the LGPD is a strategic action that protects business operations and contributes to the sustainability and continuity of the company.
