LGPD: how does the law impact organizations' budgets for 2022
The growth of cybercrime has led to the need for specific regulation to limit possible abuses. The LGPD (General Data Protection Act) entered into force to determine standards and criteria governing the collection and processing of data.
From 2022, the National Data Protection Authority (ANPD) should actively oversee organizations that do not act in compliance with the legislation. Thus, institutions that have not yet fully adapted can be punished.
But how does this change organizations' budget plans for the years to come? Having a defined regulation gives the supervisory body even more structure, so it can carry out audits and impose penalties.
In this way, information security structures can be prioritized in the budgets of the coming years.
How does the LGPD impact organizations' budgets?
Over the past year, we've seen a big growth in cyber attacks and data leaks. Organizations must therefore actively deal with this type of threat or risk being punished by the supervisory body.
The LGPD follows a global trend to protect people's information and places data subjects as a central figure. This regulation also seeks to penalize organizations that use or share personal data irregularly.
With the approval of the ANPD’s supervisory procedure regulation in October 2021, the agency's active oversight should begin in January 2022. Thus, the new regulation lays down rules and procedures for the application of penalties and fines.
LGPD as a stimulus to data protection
The fines and penalties provided for in the law also deal with the leakage of personal data. In this way, organizations need strategies to prevent information security incidents that could compromise personal data.
The growing number of incidents also raises the alert for organizations that may be inspected. This year alone, the ANPD reported a considerable increase in incident reports.
The new ANPD regulation sets out the measures to be taken for risks found during inspections. Thus, the trend is for organizations to invest even more in implementing and maintaining actions related to information security.
The expectation is that the structuring of the supervisory body will allow a culture of data protection to develop within national organizations. But, as the LGPD applies to any organization that operates in the country, even foreign organizations with operations in Brazil must adapt.
Allocating resources to act in accordance with the LGPD
Even with the expectation of developing a culture of protection within organizations, the current scenario is not very positive. Internal areas that are responsible for information security are not always prioritized in the definition of future budgets.
This is what a survey of technology decision makers at organizations from different sectors shows. Even though most respondents consider it a very important area, less than a third said that information security is prioritized in investment plans.
This makes it very difficult to establish effective actions to mitigate risks and act in accordance with the LGPD.
Brazil's entry into the ranking of the five countries in the world that have suffered the most cyber attacks against organizations in the last year has also raised the alarm about the damage caused.
In this way, executive committees must act to avoid fines and sanctions resulting from cyberattacks or from failing to act in accordance with the legislation. With the oversight and structuring of the ANPD, organizations must do even more to mitigate risks, and this may mean allocating more resources to these areas.
How to establish measures to act in accordance with the LGPD
We know that it is very important to establish security actions and policies that allow for more data protection. As the LGPD applies to data processing in Brazil, any organization operating in the country must adapt.
For this reason, it is necessary to ensure that the internal processes and solutions used within organizations comply with regulations.
Establishing security and privacy policies, as well as standards for the acceptable use of computing resources, is essential for the protection of information. In addition, it is essential that this content is disseminated to people and applied by them.
Through PhishX you can design and manage smart strategies to communicate with people about the importance of digital security care. Thus, it is possible to distribute information security policies, booklets, training and simulations that are essential for dealing with the LGPD.