Brazil’s General Personal Data Protection Law (LGPD in the Portuguese acronym) nº 13.709/2018, which came into force in September 2020, presented companies with challenges related to certain critical questions (data protection and customer privacy), further increasing the responsibilities of the telecommunications segment. TIM had already anticipated the provisions of the law related to care with customer data.
Since the law was published in 2018, the company had initiated preparations on diverse fronts to ensure full compliance with its requirements. Among the main measures was training employees to be aware of the impacts and the modifications that the law introduces and to follow the guidelines for the collection, use and protection of the data of customers, employees, suppliers and other stakeholders.
To guarantee structured management of the diverse activities necessary to ensure compliance with the law, TIM:
TIM conducts its activities based on ISO 27001 – the international standard that sets forth the best information security management practices – and the NIST Cybersecurity Framework, which supports the management and reduction of cybersecurity risk. Although the company has not yet obtained ISO 27001 certification, in 2020 it conducted an assessment of the certification requirements, identifying a level of conformance of over 90% with the requirements. The adjustments necessary to obtain certification will be conducted in 2022.
For more information about TIM’s privacy and data protection, please visit our ESG Report.