Technology & Digital
DPO as a service_
Our DPO as a Service solution is ideal for companies looking to outsource the Data Controller role or obtain specialized support to fully meet the requirements of the General Data Protection Law (LGPD) or other international data protection legislation.
At rra_, you have direct access to a team of data protection experts, ready to offer accurate advice and guidance in compliance with the legislation. Our service is flexible, allowing the total or partial outsourcing of DPO responsibilities, according to the needs of your organization.
With rra_'s DPO, you ensure compliance with the LGPD while maintaining focus on your core activities, taking advantage of an efficient, high-quality solution that increases security and trust in the processing of your customers' and/or employees' personal data.
why hire?
Appointing a DPO is not only a legal requirement, but also a fundamental practice to strengthen data governance in your company. Our service offers specialized and ongoing guidance, applying best practices for the safe and efficient processing of personal data. In addition, we work to foster a solid culture of data protection throughout the organization, promoting compliance with the LGPD and reinforcing trust with customers, partners and employees.
How do we do it?
Our DPO as a Service service is conducted by highly qualified professionals who act with technical independence, in accordance with the guidelines of the National Data Protection Authority (ANPD) and the guidelines of CD/ANPD RESOLUTION No. 18, OF JULY 16, 2024. Our team takes an active role in managing all data protection governance, taking care of every detail and guiding internal teams to ensure full compliance with the General Data Protection Law (LGPD).
From implementing internal policies and controls to providing guidance on processes and audits, our experts work with your organization to address all data protection needs, promoting a culture of compliance and security in every sector of the company.
1
Mapping
Constant updating of the mapping of personal data processing operations by opening a call via the rra_ integrated system.
2
Contracts
Review and adaptation of contracts by opening calls via the rra_ integrated system.
3
Incidents
Management of incidents involving personal data with recording and adoption of corrective and preventive measures.
4
Gap analysis
Compliance Diagnosis: Gap Analysis of the Privacy and Data Protection Governance Program through the opening of a call.
5
Indicators
Service usage indicators and reports, such as the number of holder requests opened (DSAR), call openings, among others.
6
Privacy Portal
Privacy Portal for receiving requests from holders customized with the contractor's logo and colors. (www.portalprivacidade.com.br).
7
Trainings
Annual training on Personal Data Protection in the workplace, impacts and dissemination of the culture of good practices and compliance in personal data protection.
8
Awareness
Awareness campaigns and booklets by sending updated materials and the latest news on Privacy and Data Protection.
9
Unlimited advisory
Unlimited consultancy on data protection and proposal of new solutions for current and future problems by opening calls via the rra_ integrated system.
10
DSAR (Data Subject Rights)
Receive and process complaints and communications from data subjects, provide clarifications and take action with the contractor's internal team.
11
ANPD
Appointment as Data Protection Officer before the National Data Protection Authority and receipt of communications with adoption of internal measures.
12
Policies
Creation and review of Privacy Policies, Data Protection, Information Security, Incident Response Plan, among others.
13
Technical training
Sectorized and specialized training according to the contractor's teams.
14
Due Diligence
Validation of strategic suppliers through risk assessment according to responses to a digital form developed by rra_.
15
Audits
Action plan with improvements and risk reduction in personal data processing operations, remote auditing to verify the progress and completion of action plans (PDCA) and internal data protection governance structure.