Data Privacy and Security

General Data Protection Law (LGPD)

The General Law on Data Protection (LGPD – Lei Geral de Proteção de Dados, Brazilian Law No. 13,709 of 2018) regulates the processing of personal data of natural persons, defining the hypotheses in which such data may legitimately be used by third parties and establishing mechanisms to protect data owners against inappropriate uses.

The Law applies to data processing carried out by natural persons or public or private legal entities, aiming to protect the fundamental rights of freedom and privacy.

Learn more about the initiatives that ABC Brasil has been taking for full compliance with the General Law on Data Protection (LGPD – Lei Geral de Proteção de Dados), in force in Brazil since 2020.

Questions about the General Law on Data Protection (LGPD)? Click here to visit the Data Protection Supervisory Authority (ANPD) website and learn more.

ABC Brasil’s Internal Initiatives

ABC Brasil has Data Privacy & Security policies published, reviewed, and audited periodically. The Bank has built along the years several policies that are complementary, below are some examples together with its respective scope:

  • Data Security Policy: General program exploring a fragment of the internal information security strategy, data protection, and LGPD Training;
  • Information Classification Policy: Classifies data by its degree of risk and potential impact to control the access to information in critical systems and processes related to ABC Brasil’s business;
  • System Classification Procedure: Defines the access controls to the information, data, systems, and processes related to its businesses;
  • Access Control Policy: Establishes requirements for information systems’ access control;
  • Access Profile Review: Establishes the criteria to analyze and periodically review each employee’s access rights to information systems;
  • Audit Trail: Defines rules for recording and storing audit trails, as well as for monitoring information security in the computing environment;
  • Corporate Data Backup Policy: Establishes criteria, procedures, and frequency for the backup of ABC Brasil program files and data;
  • Data Masking Policy: Defines the database masking process for the homologation and development environments; and
  • Policy for the Use of Electronic Documents: Defines controls to minimize the risk of integrity, availability, and confidentiality of spreadsheets and database files.

 

Notably, complementing the entire process of data protection, control, management, and governance, the ABC Brasil also has the following committees dedicated to the subject with the participation of senior executive members: i) the Operational Risk and Compliance Committee where issues related to data and cybersecurity are deliberated; and ii) the Information Technology Committee where budgetary and implementation issues are deliberated.

Access the Sustainability Report to learn more about our initiatives related to Data Security and Privacy.