A large pharmaceutical company approached our team with challenges regarding the implementation of personal data protection practices. In a diagnosis already carried out, a series of gaps in compliance with current personal data protection legislation were pointed out. In addition, a number of risks were identified, especially considering that the company routinely handles a large volume of sensitive personal data related to the health sector.
In the client’s reality, it wasn’t feasible to keep a specialized in-house professional to manage these actions. Some of them are quite critical, such as those related to pharmacovigilance and patient programs, as well as the coordination of data protection routines that require periodic maintenance.
As the Brazilian Data Protection Law (LGPD) allows for the appointment of an external DPO, the company chose to appoint Chenut as the person in charge. Acting within the company, we coordinate actions to remedy the gaps identified and monitor data protection routines.
With our extensive experience in this field, we have been able to organize swift action on critical points, such as sensitive data. In the companies we serve as DPO, we spend an average of six months closing all the compliance gaps, minimizing the risks related to data protection.
After this work, already at a higher level of maturity, we coordinated the necessary routines to protect the company and maintain compliance with the law, such as attending to data subjects, managing the third parties with whom the company shares personal data, updating and maintaining compliance documentation and raising awareness among the teams through training and innovative communication campaigns.
In this way, we institutionalize data protection practices and ensure that the issue is kept top of mind while legal obligations are met.
Currently, new risks related to the protection of personal data are promptly identified and dealt with appropriately. In addition, we are available to respond to critical situations, such as security incidents.
In this case, the presence of an external DPO was fundamental and strategic so that the company could fulfill its objectives and devote the energy of its employees to the core activity of its business.