1. Appoint a Data Protection Officer
The LGPD (Brazil's Lei Geral de Proteção de Dados Pessoais) requires organizations to appoint a data protection officer (DPO) who is responsible for monitoring and ensuring compliance with the new privacy law.
2. Assess Current Policies & Procedures
Assess your current policies and procedures related to data collection, storage, processing, and sharing to ensure they are LGPD-compliant.
3. Implement Necessary Changes
Based on the assessment of current policies and procedures, implement any necessary changes to ensure compliance with the new privacy law.
4. Develop a Data Governance Framework
Develop and implement a data governance framework that outlines the processes for handling personal data in accordance with LGPD requirements.
5. Provide Transparency & Notice
Ensure that individuals have clear, transparent access to information about how their data is processed and stored, as well as the rights they have under the new law.
6. Establish Data Security Practices
Establish data security practices to protect individuals' personal data from unauthorized access, use, or disclosure.
7. Monitor and Report Any Breaches
Organizations must monitor and report any data breaches involving the personal data of individuals to the appropriate authorities within 72 hours of discovery.
8. Train Employees on LGPD Compliance
Develop a training program for all employees and contractors that outlines the organization’s LGPD compliance policies and procedures.
9. Regularly Review & Update Policies
Organizations must review their LGPD compliance measures on a regular basis and update them in accordance with any changes to regulations or best practices.