September 1, 2020

Top Priorities for Public and Private Organizations to Effectively Implement the New Brazilian General Data Protection Law (LGPD)

This is the second paper of the special Joint-Project “Effective Implementation and Regulation Under the New Brazilian Data Protection Law (LGPD)”, by CIPL and CEDIS/IDP.

This project aims to:

  • Facilitate information-sharing about the LGPD
  • Inform and advance constructive, forward-thinking and consistent LGPD implementation
  • Enable the sharing of industry experience and best practices
  • Promote effective regulatory strategies concerning the LGPD

This paper suggests the following organizational priorities for LGPD implementation:

  1. Understand the LGPD’s impact on the organization and obtain buy-in from top management
  2. Designate a person in charge of data protection and identify and engage key stakeholders
  3. Identify the organization’s processing activities and the data that the organization handles
  4. Determine the organization’s role and obligations as a controller or operator
  5. Assess the privacy risks associated with the organization’s data processing
  6. Design and implement a data privacy management program covering the LGPD requirements
  7. Define the legal bases for the organization’s data processing activity
  8. Define technical and organizational measures for effective data security and internal reporting and management of security incidents
  9. Identify all third parties with which the organization shares personal data and establish a third-party management process
  10. Identify the organization’s cross-border data flows (inbound and outbound) and put in place appropriate data transfer mechanisms and safeguards
  11. Build effective processes for transparency and data subject rights
  12. Train employees on LGPD requirements and create an awareness-raising program