The Brazilian General Data Protection Law (LGPD – Law 13,709 of 2018), passed on August 14th, 2018, applies to any public or private organisation that collects, stores, processes and shares personal data within Brazil’s borders – whether obtained in Brazil or in other countries, regardless of the medium in question (analog or digital).

We understand that, like the culture of security, the measures proposed by the LGPD can be adopted by organisations of any size, profile and budget.

Besides protecting themselves against financial losses and damages to their image, companies with a compliance program aligned with LGPD requirements are more likely to make themselves stand out in both the domestic and international markets and with their stakeholders.

This is why Berghem – Smart Information Security offers services that are tailored to adapt your organisation to the compliance program required by LGPD in activities, such as:

  • GAP analysis and action plan for implementing the law
  • Risk assessment and suggesting improvements for compliance
  • Requirements gathering, planning and implementing a compliance process
  • Support for adapting and updating the technological environment;
  • Adapting or updating privacy, governance, and data protection policies
  • Structuring, revising and improving incident response and remediation plans
  • Support for issuing an impact report on the protection of personal data (DPIA)

  • Ethical hacking tests (EHTs) for web/mobile apps and on wired or wireless network environments, assessing the company’s defences against data leaks
  • Assessment of Cyber Security Maturity
  • Compliance analysis on software development processes (web and mobile)
  • Assistance in designing, structuring and implementing mechanisms and security & privacy by design solutions in applications, products and services
  • Raising awareness on the culture of data protection through training and coaching

Breaching the law results in punitive actions against companies, groups or conglomerates, with fines that can reach up to 2% of revenues – limited to a total of R$ 50 million per violation – in addition to blocking and/or deleting personal data related to the offenses.

(Article 46 of the LGPD) Processing agents shall adopt technical and administrative security measures to protect personal data from unauthorized access and from accidental or unlawful situations involving destruction, loss, alteration, communication or any other occurrence arising from improper or unlawful processing.

Schedule a meeting

Rely on Berghem to assist you in keeping the information and assets of your company, customers, executives and other stakeholders secure.
[email protected] +55 11 2391-5745