With the implementation of the General Data Protection Law (LGPD), learn how we store and use your data responsibly.
Published in August 2018, the General Data Protection Law (LGPD) improves the protection of personal information for Brazilian citizens. The legislative changes have led organizations to rethink how they store and use their users' data—and Bertolini was no exception.
As always, the company valued a relationship of trust and transparency with its people. Below, learn more about what the new law says and how Bertolini adapted to the new process.
What is the General Data Protection Law?
THE General Data Protection Law It was inspired by the General Data Protection Regulation (GDPR), a European law on data protection. With this legislation, companies and public bodies are changing the way they collect, store, and use people's data. Thus, the LGPD aims to protect the freedom and privacy of Brazilians.
Furthermore, users can freely check what information companies hold about them. And, if they wish, they can request its removal from the system. This includes any and all information related to an identifiable natural person, from document numbers to information deemed "sensitive," such as sexual orientation and affiliation with political or religious organizations.
Companies and organizations caught violating the law may be fined R$$ 50 million or up to 2% of their revenue per infraction. However, these penalties are only valid from August 2021, according to Law No. 14.101. Oversight will be carried out by the National Data Protection Authority (ANPD). Journalistic, artistic, public security, state, and criminal investigation and repression companies are not eligible for oversight.
What changes were made to the company to comply with the LGPD (Brazilian General Data Protection Law)?
Bertolini is always connected to important legislative changes affecting the sector and the country. This is one of the reasons why the company is a benchmark in Latin America in its field.
From the beginning, he observed the importance of General Data Protection Law in the way of doing business. In 2019, even before the new rules came into effect, Bertolini began its adaptation process by mapping the data that flowed between the various sectors, internal structures, and suppliers.
After the mapping was completed, the technical issues that could impact data collection within the company were analyzed. For example, the various systems used within the Bertolini Group, with risk mitigation analysis through the technology and information systems sector.
Bertolini created a Compliance Committee in LGPD. It included members from the Legal, HR, and Information Technology departments, and this group also appointed a Data Protection Officer: Sheila Pastore, who contributed to this article.
Together, those responsible established awareness and monitoring activities to ensure compliance with the law within the Bertolini Group. They also oversee the development of best practice manuals for data protection and other instruments necessary for the company's compliance—both for internal and external audiences.
“Contractual changes were made throughout the Group's relationship chain, demonstrating compliance and transparency with legislation for all our stakeholders. We established an in-company education schedule, which began with the company's managers and continues to reach all employees,” says Sheila.
Bertolini understands that LGPD It is a living instrument, and the company is constantly adapting to handle the data of its clients, consumers, and partners with the responsibility that has always been its hallmark.
How Bertolini uses your data responsibly.
To carry out its activities in its diverse fields, Bertolini collects, receives, and stores a range of data—personal or otherwise. It does the same with its own employees, customers, partners, and suppliers. Among the information collected are full names, identification documents, email addresses, and dates of birth.
The data is used by Bertolini to fulfill its objectives as a company. Generally, this is done in the execution of contracts, such as employment contracts and purchase and sale agreements. "It is important to emphasize that one of the phases of the company's compliance process is to ensure that all personal data used is employed only when there is an adequate legal basis, as determined by articles 7 and 11 of..." LGPD“Sheila recalls.
Access to data is granted to authorized employees. This procedure was already practiced at Bertolini even before the General Data Protection Law existed in Brazil, due to the responsibility with which Bertolini handles the data it holds, whether personal or not.
How is this data stored?
Another important point of the new legislation concerns storage. Information is stored in dedicated, encrypted structures, protected with SSL (Secure Socket Layer) technology. In other words, when data travels from our servers to the user's computer, it remains confidential. Thus, Bertolini prevents information from being transmitted or accessed by third parties.
When Bertolini needs to contract third parties to store or process data on its behalf, such as a data operator, these partners must have the same level of security that the Bertolini Group employs in its usual procedures.
In this way, Bertolini takes care of your data as it does all its other activities: with competence and responsibility.
You may also like:
What is a logistics audit and why is it important?
Lean Manufacturing, Agile and Scrum: understand how these methodologies work and their applications
Technology in the inventory and storage sector: the reality for the next 5 years
