The General Data Protection Law - Federal Law 13.709/2018 brought extensive and significant
changes to the actors responsible for the collection and processing of personal data, including
Financial Institutions. In this context, the compliance sector (responsible, within the company, for
strict compliance with internal and external rules) was deeply affected by the new legislation, as it
needed to adapt to the numerous commands in the norm in a short period of time. This project
discusses a case study, carried out at the Banco da Amazônia, with the purpose of, under the
analysis of the new set of regulations, proposing a new compliance model, or its improvement, to
adapt to the General Data Protection Law - LGPD. The objective of the study is to propose criteria
on the legal requirements brought by the LGPD to companies in the banking sector, in order to
identify and specify the practical compliance procedures and options for the implementation of
data processing in the new reality, and to prevent, as much as possible, the application of fines.
The target audience and subjects involved in the research were legal professionals, public servants
and employees, IT professionals, and auditors, especially those linked to the banking sector. The
methodology applied in the research, in addition to the case study, also adopts bibliographic and
documentary procedures, starting from a literature review process to understand the legal
requirements brought by the LGPD to the banking sector, where, in addition to documents from
the banking sector used for data analysis, articles, theses, and dissertations found in scientific
databases were used. Regarding the data analysis approach, the research is characterized as
qualitative, based on observation and understanding of the environments in which compliance
systems are used to promote an understanding of research phenomena. As a solution, it was
proposed, for the improvement of the current compliance model, the creation of a new
Coordination, for control and management of internal and external processes, solely related to the
processing of personal data, in order to optimize the flow of procedures and mitigate, as much as
possible, the damages/fines resulting from the norm. The study culminated in the elaboration of a
CANVAS business model for the banking sector, a SWOT matrix, the production of a final report
where it was possible to point out the existing bottlenecks to propose a didactic material for the
compliance model in the form of a LGPD Application Manual in Banks.
|
