Expertise, Audit, and LGPD. What now, expert?

Importância da LGPD, Perícia e Auditoria. E agora, perito - stwbrasil

Sanctioned in 2018, Law No. 13,709 – General Data Protection Law (LGPD) – represents an important milestone for the treatment and protection of personal data in Brazil.

Its goal is to protect freedom and privacy rights, regulating the collection, processing, storage, and sharing of personal data.

In addition to the importance of the LGPD, we have the relevance that the penalties brought to compliance with the law. If in the beginning there were doubts that companies could be fined, little by little, the oversight being carried out by the ANPD shows that the dosimetry will be applied at some point.

Companies that handle personal data must adopt a proactive approach to information security, implementing privacy practices from conception and throughout the data lifecycle.

Collaboration between sectors, awareness, and ongoing compliance are fundamental pillars for a successful LGPD approach.

The essence of LGPD is not punitive.

According to Dr. Carlos Eduardo, a lawyer specializing in privacy and data protection, certified by IAPP, CIPM, and CDPO Brazil, the essence of LGPD is not merely punitive; it seeks to contribute and assist. Isolated punishment is not the appropriate solution because it results in the marginalization of companies.

The correct approach should include prior oversight by the ANPD, as is already happening, and collaborative actions to promote compliance and prevent data leaks.

“Punishments cannot be the primary factor of an incident, but the result factor,” cites Carlos Eduardo. They must be proportional to the specific case, taking into account the dosimetry.

Information security is much more than firewall and encryption.

Information security involves not only technologies like firewall and encryption but also employee training as a fundamental tool.

The pillars of security include confidentiality, availability, and integrity of data, which can be compromised in various ways, including by human behavior.

The entire network of employees, partners, and suppliers must be trained to prevent data leaks and incidents.

Furthermore, the company can use tools such as impact reports and risk matrices to assess and mitigate risks.

Importance of LGPD: Awareness is essential

Awareness is crucial for all sectors of companies to understand the importance of LGPD.

LGPD is not just a legal or technological issue; it is a multidisciplinary approach that encompasses legal, technological, organizational, and corporate culture aspects.

All employees must understand how data processing relates to their work and how data protection is essential for the company and its customers.

The effective application of LGPD involves the implementation of policies, contractual reviews, training, and regular audits.

It is crucial that the company maintain updated policies that reflect the evolution of the business environment and technologies.


We can conclude that LGPD brings significant changes to how companies handle and protect personal data.

Awareness of all employees and the implementation of policies and information security practices are essential to ensure compliance and protection of sensitive data, contributing to a relationship of trust between companies and their customers.

To learn more about the particularities related to the importance of LGPD and penalties, watch the full episode of STWCast, where we discuss in detail how the laws apply.

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Social media


Leading company in information security. The digital protection of your company is our priority. We rely on state-of-the-art technology used by highly specialized professionals.

(11) 2666-3787
R. São Bento, 365 – 8o Andar – Centro Histórico de São Paulo, São Paulo – SP,
CNPJ: 05.089.825/0001-48.

Copyright ©️ 2023 – All rights reserved. Check out our  Privacy Policy.