Adapting to the General Data Protection Act and Opportunities for the Insurance Market

With the entry into force of Statute no. 13,709/12, better known as the General Data Protection Act (LGPD in Portuguese), Brazil has joined the group of countries that have enacted legislation specifically dealing with the handling of personal information, which is essential to bringing the country in line with this new, more digital worldview, wherein the concern for privacy and the exposure of people’s information is becoming more and more significant. This is therefore a path of no return, since the individual is at the center of the entire process.

The European experience with the General Data Protection Regulation (GDPR) has provided several lessons for the implementation of the LGPD. It became clear that we need to understand not only companies’ data structures, but the entire life cycle of the information and how it affects both internal and external stakeholders, in addition to putting into place best practices for information security and adopting governance standards that result in transparency and control.

From a management perspective, this is an opportunity. The need to adapt to this new legislation drives companies to implement solutions that support compliance and, consequently, that promote technological upgrading in times when digital transformation and the different models of innovation are here to stay.

But the question remains: how can we prepare ourselves for this new challenge? Regardless of technological tools, data mapping, and implementation of data-protection strategies, for the adaptation process to be effective and strategic, it must necessarily include a cultural adaptation by companies, especially their leadership. As any risk-management model says that without the so-called “tone at the top,” any procedures devised run the risk of being boiled down to a few activities that are just for show, without adding any value to the company and its clients.

The effect of the LGPD on the insurance market, which turns over a large volume of personal and/or sensitive data, is certainly challenging, but it also creates opportunities. Insurance companies that put into place best practices and regulations around data protection could have a competitive advantage over their competitors. Clients place a high value on sharing their information with a company that is concerned about, invests in, and complies with the strictest privacy standards.

”Insurance companies that put into practice best practices and regulations around data protection could have a competitive advantage over their competitors

There is no single formula for this, but the adaptation strategy for the LGPD should include a few important actions, such as mapping the operation’s entire structure, developing plans of action based on risk and in the context of the business, and engagement of leadership to come into and maintain compliance, observing governance rules and best practices.

By Daniel Meirelles, Data Protection Officer, and Diogo Morais, Supervisor of Risk, Internal Controls and Compliance at Austral Seguradora