The Brazilian General Data Protection Law and corporate devices: correct use at your company
During the pandemic, the use of corporate devices grew and made work within companies more efficient. After all, company mobile phones facilitate and expedite employees’ tasks on several fronts. However, something that doesn’t often come up is that, in Brazil, the LGPD (General Data Protection Law) also applies to these devices.
Brazil’s LGPD arose from the need to ensure greater personal data protection for the nation’s citizens. And, since we’re on the topic of devices offered by organizations to perform professional duties, both the storage of data and the use of mobile phones fall under the company’s responsibility – and, as such, must comply with LGPD regulations.
Below is a list of best practices for companies to use corporate devices in compliance with the LGPD:
Employee capacity building
Company employees and managers must receive training on LGPD-related best practices and be kept abreast of company device use regulations and the need to protect information exchanged on said devices.
Data collection validation
Employees eligible to receive a corporate device must be informed of the use of personal data that the company may collect while they use said device.
Data protection
The company must create mechanisms to prevent its confidential information and that of its customers from leaking through corporate devices.
Corporate devices for exclusive office use
An organization may use MDM (Mobile Device Management) to control access to devices restricted to work-related use. This measure offers greater security and lower costs for companies.
Control by hierarchy
This measure restricts the use of corporate devices based on hierarchical needs. Policies geared towards employees with demands that require wider capabilities shall be defined based on necessity.
Remote device access
This guarantees the possibility of remote access to a device to help in specific circumstances, like updating applications or ensuring an antivirus is enabled.
Article originally written in Portuguese by Perallis Security Content Team: LGPD e aparelhos corporativos: como implementar o uso correto na sua empresa — Perallis Security