Most Brazilian organizations have immature data protection plans

The majority of Brazilian companies still have incipient data protection strategies and this is not being prioritized by organizations, according to research by EY.

In partnership with the Brazilian Association of Software Companies (ABES), the consultancy created an assessment tool to find out the level of preparedness of companies in relation to the upcoming regulations.

More than 1480 companies were surveyed, from sectors such as technology, agribusiness, finance and manufacturing. The survey has found that 60% of the organizations polled have a currently low level of maturity when it comes to compliance with the soon-to-be enforced General Data Protection Regulations.

The tool developed by EY and ABES also aims to educate and help companies of all sizes in their process of compliance with the new regulations, particularly those that can't afford large chance projects to cater for the new requirements. Organizations respond to 61 questions about areas such as how they are handling personal data, personal rights, international data transfers, duties of organizations handling data, and how to handle incidents.

The assessment compares the score of organizations with the national and sector average, company size and location. With the result, companies get a compliance score, with recommendations of what they can do to boost it, and reduce their risks and exposure to potential data protection incidents.

"Being aware of privacy risks form a holistic standpoint is the first step towards business decision making in line with the interests of building trust", said Marcos Sêmola, cybersecurity partner at EY.

Brazil's data protection regulations were approved in 2018 and the original go-live date was August 14, 2020. In April 2020, however, the introduction of the rules had been postponed to May 2021 after the government concluded that some organizations would not be able to adapt in time, due to the Covid-19 outbreak. This was later overturned by the Senate.

A bill voted by the Lower House of the Congress argued for the postponement of the introduction of the rules to December 31, 2020, introducing further confusion to a schedule that has seen several changes over recent years. The Senate then passed the bill without the item that proposed the delay until the end of this year. The latest amendment must now be sanctioned by president Jair Bolsonaro in the next few days.