GDPR is a very thorough regulation, requiring control of personal data processing, distribution and storage. It has been used as inspiration for other regulations including Brazil’s Lei Geral de Proteção de Dados LGPD, its general data protection regulation.
If a GDPR governance process is already up and running, then that investment can pay off for LGPD as there are many areas that overlap. But identifying the similarities and differences, and how they map to data and processes, needs a flexible metadata solution that can deal with policies, regulations and how they interact with data flows.
It’s a question of interpreting regulations into privacy requirements - leading to metadata being tracked across the organisation - then mapping the latest regulations against these and identifying gaps to implement. If this has already been done for GDPR and your organisation is already managing this metadata, then the good news is that your costs will be reduced this time as well as for future privacy regulations.
One thing to remember, though, is that there is additional complexity with new privacy regulation aspects that are not covered by the regulatory overlap, such as cross-country obligations. In the same way GDPR covers data held and processed about EU individuals anywhere in the world, LGPD also applies to data held on Brazilian individuals, irrespective of where in the world it is processed. That means EU entities now need to know where Brazilian individuals’ data is processed. And a US entity will need to know about both. Regulations are building a web of dependencies on knowing where people are from, where processing is taking place and for what reason. This all requires a thorough understanding of data and a good way to keep track of all privacy-related metadata.
That’s where Solidatus comes in. A significant benefit of Solidatus’ flexible underlying model is that it promotes modelling of all relationships, including those which might be outside of traditional data cataloging and governance, such as regulations, policies and organisations. Putting all this together with systems, processes and data flows shows the impact of data privacy regulations in context, and allows for insights that are only possible when all the information is available.
One upside for Brazilian companies that are implementing LGPD, is that it will make it easier to add EU (and UK) customers and comply with GDPR. More privacy regulations are coming - international companies will benefit from an investment in flexible metadata management, which will pay out returns each time.
Whilst LGPD is already in effect and enforceable, the date for enforcement of administrative sanctions is August 21, 2021. If you haven’t already done so, now is the time to ensure your processes and data governance comply with LGPD.
Solidatus model highlighting overlap between LGPD and GDPR in Data Handling Rights:
You may also be interested in:
“How to turn a regulatory burden into an operational advantage” – Co-Founder Philip Dutton blogs about organisations failing to grasp that GDPR should not have been viewed as a burden or to have been treated as a tick-box exercise when it came into force back in 2018. It was an opportunity to extract mandatory regulatory budget and use it to elevate and transform organisations’ data capabilities. Turning the 4% of the global turnover stick into the carrot to lead organisations’ data journeys forward. Read the blog here.
Solidatus is a next generation data management solution, enabling and accelerating an organisation’s ability to understand its data landscape. Unique in its unopinionated, non-prescriptive design, with a simple, open, meta model that allows users to model any scenario or use cases to suit their organisational needs, not to fit into a vendor’s view of the world. It is flexible enough to support innovation, but structured enough to allow elegance.