The Value Group held an event in partnership with the Gestão da Crise Portal on a very current and important topic: the General Data Protection Law (LGPD). For this, we conducted a survey with our clients and partners to identify the most common doubts about this subject, and then we brought in experts to address them.
Our specialists are from VaR Business Beyond, represented by Ronaldo Sirosse and Rodolfo Spigai. Our guests answered seven questions, which we list for you below:
Benefits
What are the benefits of LGPD for businesses?
This differentiation can even provide exclusivity in the market, especially if you are one of the few companies in your segment that is compliant with the LGPD. By aligning your product with customer data protection requirements, you position yourself as a leader in the field.
Once you stand out and gain market share, how will your competitors catch up to you? This compliance triggers an avalanche effect, enabling you to dominate the market in a short period.
LGPD for Different Types of Companies
Which business activities or sectors need to comply with LGPD? Are all companies, regardless of size, subject to the law?
The Brazilian law addresses personal data of individuals, whether identified or identifiable. Therefore, if you possess any data that can identify a specific person, such as an email address, it is considered identifiable data.
Rarely does a business only deal with a CNPJ (company tax ID), as there is often data linked to individuals, such as financial or commercial managers. Therefore, all companies need to comply with LGPD.
Does LGPD treatment differ for a small business and a multinational, or are the compliance requirements the same?
The General Data Protection Law does differentiate between companies based on their size: micro and small businesses must comply, but they will receive differentiated treatment, which is yet to be defined by the national authority. However, this does not mean they are exempt from meeting the law’s essential requirements.
Larger companies, on the other hand, will be subject to full-scope compliance, including the subjective aspects of the law, which involve technical and administrative security measures. These distinctions will continue to be refined, but it is recommended that companies of all sizes, types, and industries treat LGPD compliance as a risk analysis.
The Role of the DPO
A new position emerging in companies. Can it be someone who already has other responsibilities?
DPO (Data Protection Officer) is an imported term; here, we use the term “encarregado” (responsible or manager). It is important to clarify that the encarregado is neither the person responsible for the data nor the decision-maker; that is the controller. The encarregado is essentially a facilitator, communicator, and manager.
They are the person who will handle external demands, whether from regulatory bodies or data subjects, and manage internal processes. The encarregado is a key facilitator and can be an existing employee within the company, with one important recommendation: the role should not be combined with that of the controller.
While the encarregado might seem to have the most responsibility for data protection, the reality is that the true responsibility lies with the controller. Once the role of controller is assumed, they effectively become the person accountable for data protection.
Do I need to pay an additional salary for this role? What has been happening and what are the recommendations?
It has not been common to see an increase in salary for this role. However, since this is a position that requires at least a managerial level, many companies are assigning this responsibility to someone with that level of expertise. That said, some companies establish a committee instead of assigning the role to a single person.
The most important aspect is that the person responsible for this role is at a managerial level. Any failure in communication or execution could result in liability for the company.
Oversight and Recommendations
Who oversees LGPD compliance, and when will sanctions be applied?
Anyone can oversee LGPD compliance, including PROCON, regulatory agencies, the Central Bank, the Public Prosecutor’s Office, and even the police. Sanctions were initially expected to start being applied in August 2021, but Brazilian law includes something called the “dialogue of sources.”
This means that while the official enforcement timeline may be in flux, sanctions are already being applied in practice. For instance, on platforms like “Reclame Aqui,” there are already complaints related to LGPD, including labor-related issues.
Tips and Recommendations for Those Who Haven’t Complied Yet. Where to Start?
For those who haven’t started compliance yet, one thing is certain: revenue will drop. There’s also the risk of being reported by competitors, which will incur additional costs. Therefore, the recommendation is to get informed.
Understand what the law entails, seek more information, and find specialized services. There are plenty of free resources available to help you understand the law and avoid being misled. Do not start with anything that could put your business at risk.