Anuário Brasileiro do Setor de Locação de Veículos | 2020

147 2020 Anuário Brasileiro do Setor de Locação de Veículos Brazilian Vehicle Rental Sector Yearbook W ith the growth in the vehicle rental business and consequent increase in competition, we have to innovate in business models (long-term rental for individuals, for example) and facilities for consumers using apps and integration with other platforms (such as tourism agencies, hotels and airlines, banks, credit cards, and so on). Innovation involves the evaluation of regulatory issues and security risks. Adherence to the General Data Protection Act (LGPD), which takes effect in August, goes far beyond establishing a Data Officer/ DPO and setting out or adjusting policies. We have to instill the concept of privacy in projects, analyze the impact based on current processes, rethink these processes, systemic integrations and relationships with partners, in addition to promoting a culture of governance, information security and privacy protection. As an ideal measure, the Data Officer must lead and promote this transformation. As well as information security issues, the concept of privacy should be considered in every project. Information security and privacy experts should be part of project teams from the planning stage. The entire flow of personal data must be mapped, from input to output or disposal. This mapping must consider risks of leakage, sharing or any manipulation that may damage the interests of the holder. Based on impact analysis, internal processes and systemic integrations should be revisited and, if necessary, adjusted, in order to implement mechanisms (controls) that mitigate the risks related to personal data. Note here the importance of the organization having a solid process of managing information security incidents, which allows the identification, processing and response to security incidents in a timely manner, including communication to the ANPD and the holders, if their personal data has been affected in any way. Relationships with partners, which often involve sharing personal data (insurers, travel agencies, banks, and so on), should also be rethought, making clear in the contract the responsibilities each party has to the customer’s data. Legal advice can contribute specifically in this regard. In addition to the obvious benefits of having a mature environment in terms of privacy and governance, consequently less subject to risks, companies seeking compliance with the LGPD acquire other competitive advantages. Increasingly conscientious consumers opt for services and products from organizations that have an image of good governance. Investors and potential business partners typically prioritize companies committed to it. And talented, high-performance professionals also prefer to work in companies that convey a positive image to the market.  agências de viagem, agências de turismo, bancos, operadoras de car- tão de crédito etc.), também deve ser repensado, deixando claro em contrato as responsabilidades de cada parte para com os dados do cliente titular. Uma consultoria jurídica pode contribuir de forma rele- vante especificamente nesse aspecto. Além dos óbvios benefícios de ter um ambiente maduro em termos de privacidade e governança, consequentemente menos sujeito a riscos, empresas que buscam a conformidade com a LGPD adquirem outras van- tagens competitivas. Consumidores cada vez mais conscientes optam por serviços e produtos advindos de organizações que passam uma boa imagem de governança. Investidores e potenciais parceiros de negócio normalmente priorizam empresas comprometidas com o tema. E profis- sionais talentosos e de alta performance também preferem trabalhar em empresas que transmitem uma imagem positiva ao mercado.   (*) Gustavo Valente, diretor de Risk Advisory Services/IT da BDO, atualmente responsável por trabalhos de revisão de Segurança da Informação, Auditoria de Sistemas e de Governança, Riscos e Compliance. (*) Gustavo Valente, director of Risk Advisory Services/IT at BDO, currently responsible for information security, systems and governance auditing, risk and compliance. © Civulgação General Data Protection Act By Gustavo Valente*