The resolution strengthens LGPD inspection and intensifies the need for ISO 27001



ANPD now has a dosimetry regulation for the application of fines for non-compliance with the legislation. The international standard assists companies in the process of implementing data protection regulations

The supervisory and sanctioning role of the National Personal Data Protection Authority (ANPD) was strengthened with the publication, at the end of February, of the Regulation on dosimetry and the application of administrative sanctions. The provision facilitates the inspection activity of the Authority, guaranteeing the proportionality of the sanction with respect to the unlawful act and the damage caused, allowing the calculation of the amount of the applicable sanction.




The publication again draws the attention of companies that still do not know how to comply with the General Law for the Protection of Personal Data (LGPD), and that can find a way to do so through ISO (International Organization for Standardization) 27001 certification. Since 2018, with the publication of Federal Law No. 13.709/2018, all companies and organizations must comply with the LGPD, the obligation of which entered into force on December 28, 2018.

ISO 27001 is an international standard for the information security management system (ISMS). It is based on assessing risks and deciding how to deal with them within an organization, with the aim of protecting the integrity and confidentiality of information.

Companies applying for accredited certification are audited at certain times by a conformity assessment body (CAB), which is an independent certifier. “The provision contributes to more effective external control of data leakage, guaranteeing cost reduction and compliance with security standards”, explains Alessandra Costa, Abrac’s vice president of Institutional Relations.

ISO 27001 includes several stages for its application: definition of compliance rules and requirements, such as organization context, planning, leadership, operation, support, evaluation and performance improvement; and controls that companies need to adopt in areas such as security policy, human resource security, information security organization, asset management, encryption, access control, and physical and environmental security, among others.

To obtain ISO 27001 certification, it is necessary to contact a Conformity Assessment Body accredited by an accreditation body. In Brazil this is the General Accreditation Coordination (CGRE) of Inmetro, but some are accredited by international bodies, which can be consulted on the International Accreditation Forum website.

The CAB will guide the company in the formal assessment, to verify that all requirements have been met, as well as in the evaluation of the implementation of procedures and controls to certify that they are indeed performing to the required standard. After passing the formal audit, the organization receives the certificate, which is valid for three years.

About Abrac

Founded in 2009, the Brazilian Association for Conformity Assessment (Abrac) brings together companies in charge of assessing the conformity of products, services, systems and test and calibration laboratories, accredited by Inmetro and designated by Anatel, which work in the inspection and certification of what is offered to citizens, with the aim of informing and protecting the consumer, especially as regards health, safety and the environment; promoting fair competition; encouraging continuous quality improvement; facilitating international trade; and strengthening the domestic market, working with national activity regulators.

Press office of the Brazilian Association for Conformity Assessment (Abrac)

Communication consultants: Alexandre Lacerda, Ana Flavya Hiar

Telephone: (11) 94834-5879

E-mail: contato@infographya.com.br; flavyahiar@infographya.com

URLs: https://www.abrac-ac.org.br/

Website: https://abrac-ac.org.br/

Source: Terra
