LGPD – The challenges and opportunities for your company

LGPD – The challenges and opportunities for your company

The General Data Protection Law (LGDP) of Brazil has been in force since September 18, 2021 and most companies are already adapting their contracts, procedures, privacy clauses and technologies. Have you ever noticed that every time we enter a website, even those we access frequently ask us for permission?


The LGPD is a law that brings 65 articles for the processing of personal data, both of customers and employees, in private and public companies.


In addition to placing the data subject as a central figure, this law has been impacting and changing the history of many sectors and now, more than ever, companies are seeking to act in accordance with these guidelines in order to avoid immense financial and reputational losses for those who do not comply with the new rules.


It is noteworthy that the LGPD does not only apply to data transmitted by digital means. Information materialized on paper must also respect the new law.


It is certain that there may be immediate costs in implementing the necessary changes, however, if carried out correctly, the benefits are very interesting.


It is also important to say that challenges arise in proportion to the opportunities as the law provides for very significant fines in case of violations.


For some companies, only minor adjustments and changes will be necessary. Others, however, will need to undergo deeper transformations. The important thing is to keep in mind that this change should be carried out in all companies as soon as possible.


Faced with so many doubts in this new scenario, we decided to write this article and in it address, in an objective and clear way, what are the LGPD's challenges and opportunities for your company. Check it out!

The challenges of the LGPD

One of the main challenges of the Protection Law for companies is precisely internal organization. For many organizations, adapting to the new law will be a real journey of self-discovery.


As far as companies are concerned, structural changes in the workforce will be necessary, such as defining a Data Protection Director (DPO) to coordinate the actions.


Regarding the measures that must be taken by organizations are the hiring of certain services, such as those provided by consultants specialized in monitoring and mapping data. In addition to the mapping and monitoring of data, it is also necessary to have the support of legal counsel, to support with the creation and adaptation of contracts that must now inevitably contain privacy protection clauses.


Before the LGPD, it was common for organizations to collect as much personal information as possible, without establishing any criteria and reasons to justify such collection. Data such as location and contact lists, among others, are of no use for certain services, for example.


This excess of unnecessary information, often outdated or incorrect, in addition to not complying with the law, increases the risk of leaks and compromises the entirety of internal process of the company, since the organization of data can influence the results and negatively impact the business.


At first glance, it may seem like an almost impossible mission to eliminate excessive or purposeless data for your type of business.


However, the result of the cleanup can be very encouraging because companies that promote this review in their databases can significantly improve their customers' experience, making it more personalized.


Opportunities for compliance with the law


The LGPD is not just about penalties. It can also be a great opportunity to stimulate business. In recent times, we have been following the massive dissemination in different media about incidents involving the privacy of the general population, who are increasingly aware of their rights regarding the disclosure of their personal information. In this sense, privacy and data protection standards have become one of the main requirements when purchasing a company's products or services.


When the company complies with all legal provisions contained in the LGPD, it will automatically be treating its customers' data in an ethical and transparent manner. Such action will contribute to the reputation of the business, increase competitiveness in the market and build customer loyalty.


Being in compliance with the law also brings benefits for hiring between companies, since, with the issue of joint liability and reputational and legal risks related to improper data processing, no company that has already adapted or is moving towards the LGPD will hire another that does not comply with the rules of the new law.


Another positive aspect of adapting to the protection law is the possibility of entering the international market, something that was not possible before due to the legal uncertainty related to the Brazilian rules and guidelines for data processing.




In short, the journey of adaptation to the LGPD requires an effort from all sectors of the company, regardless of its size and segment. The areas must be involved from the mapping of processes to the implementation of measures to comply with the legislation.


The engagement of the company's employees can provide a transformation both in the form of communication between areas and in the improvement of internal procedures.


This is the time for companies to be seen, stand out in the market and demonstrate to their customers that they really care about giving the correct treatment to their data.