"During the past two years, companies have been in the process of adjusting data management to comply with current regulations "
In 2011, a new regulation regarding data privacy came into force, Law No. 8968 ProtecItion of the Person against the Treatment of Personal Data. This law defines what is considered personal data and how this information should be protected, depending on the use it is given. In 2016, an amendment to the law's bylaw was published with the objective of clarifying some key aspects that were not easy to interpret, thus facilitating the proper application of the law.
During the past two years, companies have been in the process of adjusting data management to comply with current regulations. This process has not been easy for many companies since it requires changes at an IT level as well as changes in internal policies, both in practice and on paper. This has become more relevant with the recent entry into force of the GDPR, the General Data Protection Regulation of the European Union.
Below are some recommendations that should be taken in consideration:
- Review consents
- Review the contractual clauses
- Implement mechanisms that guarantee the security and privacy of personal data
- Have a protocol for notifying security breaches Define internal procedures for the processing of
- personal data
- Define procedures for handling complaints / in-quiries
- Train personnel in the processing of personal data