top of page

LGPD and the importance of
reviewing your business processes

By MD2 Consulting

The General Data Protection Law (law 13.709/18) is clear when it cites the need for each company, regardless of its size, to stay organized to prove, at any time, diligence with the imposed guidelines.

In this sense, the first step is to understand that without a good business process analysis and risk management there will be no compliance with LGPD. According to article 50 of the law, it is considered a good practice companies that can establish "organizational conditions, the operating regime, procedures, including complaints and petitions from data subjects, security standards, technical standards, specific obligations for the various parties involved in the processing, educational actions, internal mechanisms for supervision and risk mitigation, and other aspects related to the processing of personal data," not to mention that, also according to the law, your company must be able to prove, at any time, compliance with the guidelines described.

A well-structured process helps your team to understand the steps and adapt them to comply with the law, especially when they involve personal data, avoiding gaps and "holes" between the steps (eminent risk that, many times, was not yet identified). Understanding the purpose of each of the business processes is the key to better understand your company, being able to define, in the best way possible, the people in charge and their responsibilities.

For all this to occur within your company, revisiting your business processes becomes a key issue. When you have a thorough understanding of all the steps of each process, you truly understand how your company operates in each sector, and can work to follow each practice required by law. Of course, this is a difficult action for a single team member to take. In this sense, having the support of a tool can be a good strategy.

MD2 Consulting, through MD2 Quality Manager, offers exclusive modules to guide you in the formalization for setting up the most diverse types of organizational structure. This enables the detailing of roles and responsibilities for LGPD compliance management. Process Mapping is one of Quality Manager's functionalities that will help you in your quest for compliance. In this step you will document and standardize (by formalizing the structure) and study the company's processes.  It is important to remember that the LGPD also brings the need for the elaboration of new processes, such as, for example, the fulfillment of the holder's rights.

Want to understand more about the importance of reviewing business processes for LGPD compliance and know how MD2 can help you? Contact us!

bottom of page