LGPD

The great volume of data presents specific security challenges, especially when it comes to personal data.

To protect the data of individuals, the LGPD was created. The acronym stands for the General Data Protection Law (Law No. 13.709), which aims to ensure transparency in the use of data belonging to natural persons.

The law applies to the total or partial processing of personal data by automated and non-automated means, where the data forms part of an archiving system or is intended to form part of one. Since the advent of the new legislation, the data owner must give consent for the use and further processing of their data, such as deletion and portability.

Agile Approach to GDPR

TGT Consult has developed a methodology based on Agile Methods, accelerating a cultural transformation from diagnosis to implementation. Everything takes place in sprints with the business areas in discussions of day-to-day business situations. In this way, the “legalese” is avoided and the appropriation of the concepts of the Law by employees is ensured, in addition to accelerating the implementation of adjustments and the action plan.

Personas LGPD

Use of Personas

The central element of compliance with the LGPD is the individual, or rather, the data on individuals that is processed in each business area. To facilitate the documentation and understanding of vulnerabilities, our methodology calls each individual profile whose data is processed within the organization a “Persona”.

E.g.: Customer (Resale, Consortium, Retail, etc.), Commercial Contact of a supplier, Prospect (by business unit), Employee, Service Provider, Third Parties, Former customer, etc.

Risk analysis

The survey process is all done through interviews or workshops, which guarantee the efficiency of the diagnosis and start the process of training and cultural adaptation, making users aware of the realities of LGPD within the context of their business area.

Information Security Diagnosis

There is no compliance with the LGPD without adequacy in information security and cybersecurity.

Information security, cybersecurity, and GDPR are correlated topics. They cannot be neglected, and any analysis must be carried out by a separate work front focused on IT executives. On this front, TGT has highly specialized professionals who will evaluate the Information Security Management and the controls applied, identifying risks, threats, and vulnerabilities through a framework aligned with ISO 27001 (Information Security) and ISO 27701 (Privacy).

Understanding the GDPR

Organizations must do a detailed mapping of how personal data is handled, in addition to identifying its entire lifecycle. They must know where the data goes, where it is stored, who has access, and whether it is shared with third parties, in Brazil or abroad. Once the data is mapped and security deficiencies are detected, the organization must start implementing controls to make the transaction of personal data secure.

Where does GDPR apply?

Personal Data: information related to an identified or identifiable natural person.

Includes: individuals, employees of our company or third parties, optical trademark, hospital registration number, registration number, etc.

Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or of an organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

Where the LGPD does NOT apply

Information whose owner cannot be identified using reasonable techniques available at the time of processing.

Legal entity data: any data that identifies the legal entity, e.g.: CNPJ, state registration, municipal registration, INSS, FGTS, registration in licenses, and permissions with public bodies.

Agile approach

TGT has developed an innovative approach to address compliance with the LGPD based on agile methodologies, which in addition to shortening project deadlines, allows the capture of benefits from the beginning of the diagnosis, ensuring a transfer of knowledge and cultural transformation of the employees involved.

Exclusive Agile Approach

We successfully execute adaptation projects for large clients in Brazil, adopting an agile approach.

Experienced IT and Process Professionals

Consultants with deep experience have held executive positions in companies such as Gartner, EDS, EY, PWC, and Bain.

Association with Lawyers Specialists in Compliance and Privacy

The synergy between TGT’s experience in business processes and Information Technology combined with the legal knowledge of the law firm dedicated to LGPD and Governance, Risks, and Compliance, guarantees the client a broad and secure view of the proposed solution.

Independence, Impartiality, and Transparency in Decisions

Our strategic guideline is to be impartial. TGT has an exclusive focus on advice and management consulting, and for this reason we do not perform any type of system development or implementation service, nor do we partner with suppliers of these types of service, keeping our commitment to impartiality in decision support processes.