GRC Viewpoint

LGPD2U: An All-encompassing Approach to Data Privacy and Compliance With a Focus on Critical Aspects

CRISTIANO SILVERIO

Director, Operations

“We are also starting the development of a “Do it yourself ” platform, focused on micro and small companies, allowing them to comply with the required regulations, have expert support, and be able to do it all at a cost that is attractive for their operations”

A major construction and real estate enterprise based in Brazil encountered an unexpected challenge. The firm had a stint with a privacy consultancy for implementing adequacy. However, the 14-month-long association could have been more satisfactory. Instead, it was merely a generic diagnostic report. The roles and responsibilities needed to be clearly defined. The adequacy actions could have been more effective, and the privacy program wasn’t feasible for the executives belonging to the real estate company. The firm finally approached LGPD2U, a Ribeirão Preto, SP – Brazil-based enterprise focusing on compliance processes with privacy regulations. LGPD2U began three years ago. The company aimed to introduce an innovative approach to compliance with privacy regulations for clients. The creative thinking and strategy were based on a shift from the usually followed practice of linear actions. Earlier, the process took one to two years to derive results. Instead, LGPD2U introduced its Privacy Office concept with complementary and parallel disciplines leveraging concurrent efforts. As a result, positive results were obtained within about sixty days.

LGPD2U extended an all-encompassing approach that covered critical aspects, including consent management, cookie management, data subjects service portal, and data collection forms analysis. It took merely sixty days to implement the entire internal governance structure. The success of these internal measures helped to regain the client’s confidence. The other issues sorted by LGPD2U for the enterprise range from concerns with respect to the mapping of data processing activities, automatic discovery of personal information, management of privacy risks, and training and awareness. The enterprise is currently in its third annual continuous improvement cycle. Cyber insurance is reduced owing to adequate security and governance. The privacy governance platform extended by Securiti has been extensively leveraged in combination with the automation of discovery and intelligence of personal data to expand profitable results. The team of experts is always confident that they are above the market trends and is well aware of the legislative laws associated with each country. Today, the enterprise caters to clients worldwide. The main challenge while addressing the client’s needs is to ensure that the compliance requirements with respect to individual countries are adhered to. “This compels us to seek to improve our operating model through intensive process automation and the use of machine learning to increase consistency and reduce the cost of our deliveries,” says Danilo Penna, President and Sales Director.

THE PRIVACY OFFICE

The Privacy Office offering covers all disciplines essential for a privacy management program. Leveraging internally developed task automation over a solid privacy governance platform, LGPD2U not only recommends practical and industry-specific compliance, but we also walk the entire way with our clients. Our approach covers implementation, maintenance, operation, and improvement in privacy programs on legal, business and administrative, and technologyrelated tasks,” informs Penna. LGPD2U brings the one-stop-shop concept to its full potential incurring a monthly fee without any Capex. The privacy solutions providers market is relatively immature. There is a diverse range of providers, and every one of them extends a different approach. Besides, internal teams need more resources or time to dedicate to maintaining the privacy governance structure. “At this point, the LGPD2U Privacy Office addresses the needs through a proactive performance of our team, integrated into the processes, policies, and culture of our clients. Our clients say that they rarely come across such a complete product that covers the technological, procedural, administrative/ documental aspects,” adds Penna.

THE FUTURE-ORIENTED APPROACH

LGPD2U is focused on establishing partnerships with leading information security solutions manufacturers. Through teamwork, the enterprise hopes to address the issues related to governance and protection of customer’s strategic data, both personal and non-personal. “We are also starting the development of a “Do it yourself ” platform, focused on micro and small companies, allowing them to comply with the required regulations, have expert support, and be able to do it all at a cost that is attractive for their operations,” says Cristiano Silverio, Director, Operations.