Since the beginning of February, the Interact Prime business unit has been following the project of two telecommunications companies in Rio de Janeiro and Fortaleza, in order to comply with the Brazilian’s General Data Protection Law (LGPD). The work has been carried out by the consultancy company Tecnologia Humana, a Rio partner of Interact. The project involves, among other activities, awareness, process auditing, mapping of gaps and survey of actions necessary to adapt the organization to the LGPD.
According to the director of Interact Prime, Bárbara Rodrigues, the project, led by IT Governance Consultant, Renata Valéria Lopes, aims to help the company not only adapt to the LGPD, but to rethink how the information of the day to working days are protected at all levels of the organization.
“We can think that information today is the new oil. And how do you take care of this intangible heritage of companies without good management and organization?”, Provokes the pair. To anchor this process, Human Technology adopted Interact’s software, Suite SA, which models its work framework based on the ISO 27000, 27001 and 31000 family of standards.
“With SA we were able to streamline our work, as we standardize both the audit checklists and the risk maps and reports of our customers. And those who choose to purchase the tool, receive a live report, as they can be updated periodically as planned adequacy actions are implemented”, reflects Renata Lopes.
Sector under surveillance
Due to the large amount of data handled every minute, the Telecommunications sector needs to follow strict regulations, which, in a way, pressure companies in the industry to adapt to current laws, as is the case of the LGPD, needing a look at Governance and Compliance. With the SA system it is possible to design these processes, carrying out end-to-end monitoring, in all areas, resulting in a quality Corporate Management.
Among the main rules that guide the activities of the branch is Resolution 740/21 of the National Telecommunications Agency (Anatel). The regulation takes effect on July 3, 2021 and approves the cybersecurity regulation for the telecommunications sector.
Based on these extensive criteria for the operation of telecommunications companies, Interact Prime and Tecnologia Humana work in alliance to deliver to customers exactly what they need: corporate governance, corporate quality management, data security and control over the processes and risks of each sector integrated.
According to Bárbara, the non-compliance with the regulations leads companies to pay at least two fines for data or information problems: they can be assessed by both ANPD and ANATEL. “Along with Renata, Interact Prime started an extensive work to raise awareness among all employees of both companies”, she recalls.
Collective awareness
Since February, Bárbara has led the process of raising awareness among employees of the two telecommunications companies, conducting remote training. In all, 85% of employees have already been trained, in addition to outsourced companies. “Over the course of a week, awareness training was conducted on the importance of this topic and on the impacts of these regulations for both the company and the employee”. In this stage of the project, all employees were involved, from senior management to the operational area.
Then, both professionals traveled to Fortaleza, Ceará, starting face-to-face activities with meetings with the committee formed to adapt the company. In addition, they made visits to the departments, where they acted as part of the teams in the day-to-day operations, as well as held meetings with all the directors and CEOs of the organization.
Audits
The audits of all processes based on the sector’s regulations and information security regulations and the General Data Protection Law (Law 13,709 / 18) were monitored by the Corporate Governance and Compliance director. “Using the tools of Interact’s SA Strategic Adviser, we developed an extensive checklist that guided the on-the-spot audit work, observing each requirement of the law and the sector’s regulations within the organization”, explains Bárbara.
In the opinion of the director of Interact Prime, such work only has good results if done in full, observing each element of the business structure.
This same process was also carried out at the company in Rio de Janeiro, which has already completed the diagnosis and should initiate several adaptation actions. The project, led by the IT Infrastructure Management, is closely monitored by the Board of Directors and has the Director of Technology and Network, as one of the great incentives.