05/01/2021

By Leonardo Neri

In order to facilitate compliance with the General Data Protection Law (LGPD), already in force, the Digital Government Secretariat has prepared a set of actions that aim to implement a data protection culture in Federal Government bodies.

In its sole paragraph of Article 1, the LGPD states that all the rules of the aforementioned legislation are applicable to the Union, States, Federal District and Municipalities as controllers or operators of personal data, which justifies the Federal Government's concern to adapt, especially as the effective date of the rules that provide for the sanctions applicable to non-compliance is approaching, which will occur as of August 1, 2021.

The aforementioned set of actions proposed by the Digital Government Secretariat is in line with the Digital Government Strategy (EGD), especially with objectives 10 and 11 of the principle of Trustworthy Government, which, among other things, provides for the delivery of “milestones” necessary for compliance with the LGPD, in order to provide assistance to the bodies of the Information Technology Resources Management System (SISP). The complete EGD can be consulted on the Federal Government website (https://www.gov.br/governodigital/pt-br/EGD2020).

To start the adaptation plan, according to the proposed set of actions, SISP bodies will be invited to respond to the LGPD Adaptation Diagnosis form, where the maturity index of the adaptation process will be assessed, so that implementation methods can be suggested according to the level of each body, which is materialized in the Operational Guides, which are published on the Federal Government website, with constant review.

To date, the guides for the Privacy Governance Program, Personal Data Inventory, Terms of Use, Risk Assessment, Contract Adequacy and Data Protection Impact Report – RIPD are already available.