Covid-19Fernandes Figueiredo em FocoLGPD

11 de fevereiro de 2021

Advogadas do FF Advogados são destaque em artigo internacional sobre LGPD

lgpd

It is not new that Covid-19 directly impacted the daily lives of companies and changed the routine of employees, suppliers and customers. Companies were forced to adapt their businesses to the new reality created by the pandemic.

ln the case of companies that already had active compliance programs, it was necessary to review the risks linked to the business and, consequently, to reassess the entire compliance program, its policies and procedures.

Only with updated programs, adapted to the new social reality (during and after the pandemic), it will be possible to mitigate the risks related to the health of customers and employees and minimize the new risks appearing in situations that arose with the arrival of Covid-19, such as new business models, new hires, lay-offs, donations and all adjustments resulting from the various legislative changes of that period.

Almost 6 months after the arrival of Covid-19 in Brazil, we realize today that companies, in general, have returned to their activities, some in the old model, others in hybrid models and even others in a totally innovative model. ln any case, the reflexes of the pandemic are evident, especially with regard to the use of technology and the way in which companies communicate with employees, customers, prospects or suppliers.

Two simple examples of this new kind of communication are the use, by reason of the home office, of users’ remate access to data and information maintained within the companies, and the realization of virtual meetings, through the use of the numerous online platforms available on the market. These two examples show the sharing of data and information outside the corporate environment. Accordingly, more than ever, it is necessary to talk about the risks related to information security (loss and leakage of data and information, network intrusions, malware, etc.).

Obviously, it is important that interna} communication, training and all company policies are adequate to this new “virtual” reality, but not exclusively: information security risks must also be assessed under the perspective of the Brazilian General Data Protection Law – GDPL.

As known, entering into fore of the GDPL was extended and, specially regarding the penalties, will begin only in August 2021.

However, the current scenario requires information security risks to be urgently mapped and controlled, including the protection and adequat treatment of personal data used by compames.

Even though penalties provided for in said legislation, which may amount to fines up to R$ 50 million, will not be applied, nor the partial or total ban from the activities related to data processing until August, 2021, the mentioned penalties are far from being the worst problems generated by the improper leakage of these data.

Indeed, the damage caused by a leak of personal data or sensitive information can be fatal to the business, because they impact the credibility and image of a company, not to mention possible liability ( civil or criminal) not only of legal entities, but also of its partners or managers.

As we have seen, the Covid-19 pandemic impacted the shape of business, exposing as well the fragility of data and information security in companies. Therefore, even if the GDPL has not come into force, the new or old risks related to leaks, invasions or mismanagement of sensitive data and information require immediate action, inserted in the review of compliance programs and focused on compliance with the guidelines established by the GDPL.

 

Veículo: EuroLatamLex

Leia a da matéria a partir do original[:en]lgpd

It is not new that Covid-19 directly impacted the daily lives of companies and changed the routine of employees, suppliers and customers. Companies were forced to adapt their businesses to the new reality created by the pandemic.

ln the case of companies that already had active compliance programs, it was necessary to review the risks linked to the business and, consequently, to reassess the entire compliance program, its policies and procedures.

Only with updated programs, adapted to the new social reality (during and after the pandemic), it will be possible to mitigate the risks related to the health of customers and employees and minimize the new risks appearing in situations that arose with the arrival of Covid-19, such as new business models, new hires, lay-offs, donations and all adjustments resulting from the various legislative changes of that period.

Almost 6 months after the arrival of Covid-19 in Brazil, we realize today that companies, in general, have returned to their activities, some in the old model, others in hybrid models and even others in a totally innovative model. ln any case, the reflexes of the pandemic are evident, especially with regard to the use of technology and the way in which companies communicate with employees, customers, prospects or suppliers.

Two simple examples of this new kind of communication are the use, by reason of the home office, of users’ remate access to data and information maintained within the companies, and the realization of virtual meetings, through the use of the numerous online platforms available on the market. These two examples show the sharing of data and information outside the corporate environment. Accordingly, more than ever, it is necessary to talk about the risks related to information security (loss and leakage of data and information, network intrusions, malware, etc.).

Obviously, it is important that interna} communication, training and all company policies are adequate to this new “virtual” reality, but not exclusively: information security risks must also be assessed under the perspective of the Brazilian General Data Protection Law – GDPL.

As known, entering into fore of the GDPL was extended and, specially regarding the penalties, will begin only in August 2021.

However, the current scenario requires information security risks to be urgently mapped and controlled, including the protection and adequat treatment of personal data used by compames.

Even though penalties provided for in said legislation, which may amount to fines up to R$ 50 million, will not be applied, nor the partial or total ban from the activities related to data processing until August, 2021, the mentioned penalties are far from being the worst problems generated by the improper leakage of these data.

Indeed, the damage caused by a leak of personal data or sensitive information can be fatal to the business, because they impact the credibility and image of a company, not to mention possible liability ( civil or criminal) not only of legal entities, but also of its partners or managers.

As we have seen, the Covid-19 pandemic impacted the shape of business, exposing as well the fragility of data and information security in companies. Therefore, even if the GDPL has not come into force, the new or old risks related to leaks, invasions or mismanagement of sensitive data and information require immediate action, inserted in the review of compliance programs and focused on compliance with the guidelines established by the GDPL.

 

Veículo: EuroLatamLex

Leia a da matéria a partir do original[:es]lgpd

No es nuevo que el Covid-19 impactá directamente en la vida cotidiana de las empresas y cambiá la rutina de los empleados, proveedores y clientes. Las empresas se vieron obligadas a adaptar sus negocios a la nueva realidad creada por la pandemia.

En el caso de las empresas que ya tenían programas de cumplimiento activos, fue necesario revisar los riesgos vinculados al negocio y, en consecuencia, reevaluar todo el programa de cumplimiento, sus políticas y procedimientos.

Sálo con programas actualizados y adaptados a la nu eva real ida d social ( durante y después de la pandemia) será posible mitigar los riesgos relacionados con la salud de los clientes y empleados y minimizar los nuevos riesgos que aparecen en las situaciones que surgieron con la llegada de Covid-19, como los nuevos modelos de negocio, las nuevas contrataciones, los despidos, las donaciones y todos los ajustes resultantes de los diversos cambias legislativos de ese período.

Casi 6 meses después de la llegada del Covid-19 a Brasil, nos damos cuenta hoy de que las empresas, en general, han vuelto a sus actividades, algunas en el viejo modelo, otras en modelos híbridos e incluso otras en un modelo totalmente innovador. En cualquier caso, los refiejos de la pandemia son evidentes, especialmente en lo que respecta al uso de la tecnología y a la forma en que las empresas se comunican con los empleados, clientes, clientes potenciales o proveedores.

Dos ejemplos sencillos de este nuevo tipo de comunicación son el uso, por razón de la oficina en el hogar, del acceso a distancia de los usuarios a los datas y la información que se mantienen en las empresas, y la realización de reuniones virtuales, mediante el uso de las numerosas plataformas en línea disponibles en el mercado. Estas dos ejemplos muestran el intercambio de datas e información fuera del entorno empresarial. Por consiguiente, más que nunca es necesario hablar de los riesgos relacionados con la seguridad de la información (pérdida y fuga de datas e información, intrusiones en la red, programas maliciosos, etc.).

Obviamente, es importante que la comunicación interna, la formación y todas las políticas de la empresa sean adecuadas a esta nueva realidad “virtual”, pero no sólo: los riesgos de seguridad de la información también deben ser evaluados bajo la perspectiva de la Ley General de Protección de Datas de Brasil – LGPD.

Como es sabido, la entrada en vigor de la LGPD se ampliá y, sobre todo en lo que respecta a las sanciones, no comenzará hasta agosto de 2021.

Sin embargo, el escenario actual requiere que se cartografien y controlen urgentemente los riesgos de seguridad de la información, incluyendo la protección y el tratamiento adecuado de los datas personales utilizados por las empresas.

Aunque no se aplicarán las sanciones previstas en dicha legislación, que pueden ascender a multas de hasta 50 millones de reales, ni la prohibición parcial o total de las actividades relacionadas con el procesamiento de datas hasta agosto de 2021, las sanciones mencionadas distan mucho de ser los peores problemas generados por la filtración indebida de esos datas.

En efecto, el dano causado por una fuga de datas personales o de información sensible pueden ser f atales para la empresa, ya que af ectan a la credibilidad y la imagen de una empresa, por no hablar de la posible responsabilidad ( civil o penal) no sólo de las personas jurídicas, sino también de sus sacias o directivos.

Como hemos visto, la pandemia del Covid-19 impactá en la forma de los negocios, exponiendo también la fragilidad de la seguridad de los datas y la información en las empresas. Por lo tanto, aunque la LGPD no haya entrado en vigor, los nuevos o viejos riesgos relacionados conjugas, invasiones o mala gestión de datas e información sensibles requieren una acción inmediata, insertada en el examen de los programas de cumplimiento y centrada en el cumplimiento de las directrices establecidas por la LGPD.

 

Veículo: EuroLatamLex

Leia a da matéria a partir do original