Costs of compliance with the law are lower than those arising from cyber attacks.
Since it came into force in August 2021, the Brazilian General Data Protection Law (LGPD) has raised a wide range of concerns. Although it was approved in 2018, the three years that passed until its implementation were not enough for all doubts to be resolved. After all, the law represents an unprecedented change in the daily lives of companies that handle personal data and that now need to comply with current regulations.
Adhering to the LGPD entails costs for companies, without a doubt, as they have to comply with a series of unprecedented obligations, such as training employees on correct data protection, investing in a digital security system and having a Data Protection Officer (DPO), which we’ll cover later. However, these costs can be considered investments when weighed against losses from cyber attacks.
According to a report by IBM Securities, cyber attacks cost an average of US$ 1.35 million for companies in Brazil. This number can be even higher for small and medium-sized companies. Companies with up to 500 employees have lost $2.5 million or more, a devastating figure for sales that top $50 million a year.
Furthermore, the financial impact is felt in the long term. Also according to the survey, breach costs can extend beyond two years. Apart from that, the company still suffers from a damaged image and a loss of credibility in society, situations that are difficult to reverse. That cost is incalculable.
In this scenario, assuring customers that their data is properly protected is an investment, in addition to a legal obligation. Sanctions are onerous in case of leaks. As the old saying goes: prevention is better than cure.
The new legislation places Brazil on the list of countries with the best practices regarding the protection of personal data, requiring companies to implement technical and organizational measures to ensure that the processing is carried out safely. It’s an opportunity to offer customers an added advantage. After all, personal data is today a valuable asset.
Data Protection Officer (DPO)
The LGPD defines all parties involved in the processing of personal data. In addition to the owner [of the data], there are the controller and the operator, also called processing agents, who are responsible, respectively, for making the decisions and carrying out the data processing. The presence of a Data Protection Officer (DPO), or simply the person in charge, is also mandatory: someone who will be the bridge between the interests of the owner, the company and the National Data Protection Authority (ANPD).
The DPO is essential for complying with the rules set forth in the Brazilian General Data Protection Law. Their role runs from end to end: guiding and training teams on the correct procedures, generating impact reports and monitoring any changes, to ensure the company’s compliance with current regulations.
Pryor Global provides the DPO outsourcing service. Our team is made up of highly qualified professionals, aiming to help companies meet the requirements set out in the Brazilian General Data Protection Law. We guarantee security and transparency in the processing of personal data, respecting the privacy of customers, employees and business partners.
Talk to one of our experts and find out how we can help you!