Sabiá Receives Golden Certification from ABRADi Bureau Veritas Standard for the General Personal Data Protection Act

In the 2021 flight planning, Sabiá aimed to be one of the first companies in Brazil to have the LGPD¹ certification. Our internal team and partners, who were instrumental in each stage of this process, worked together for months. Due to their work, we have received the certification in “Personal Data Protection — Golden Level” by Bureau Veritas Certification in April of this year.


This certification strengthens to our team and clients the agency’s commitment to building inspiring partnerships based on transparency and responsibility.

 

Several aspects were evaluated. Among them are:

  • Context and scope of action
  • Corporate Policy for Personal Data Protection
  • Organizational roles and responsibilities
  • Measures adopted to comply with LGPD principles (purpose, necessity, adequacy, free access, quality, transparency, security, prevention, non-discrimination, and liability/accountability)
  • Legal basis for data collection and processing
  • Methodology for risk assessment
  • Internal and external communication
  • Incident management
  • Notifications
  • Contractual formalizations
  • Technical and information security infrastructure

 

 

We thank our inspiring partners who supported us in this achievement!

 

 

Sharing the learnings:

Our certification process followed 6 practical steps. We share our learning with those who have begun their journey to adapt to the LGPD hoping to contribute to an even better and more inspiring ecosystem.

 

1. Mobilize, involve, and communicate everyone
We work with our internal team in a deep manner, and we rely on the engagement of our partners and suppliers. We have involved everyone from the start with a lot of confidence and transparency.


2. Get to know the law and its impact on the business

We have delved into the law by means of trainings to have a better understanding of its requirements and the impacts they cause on the business. In addition to complying with our legal obligation, we understand that among the benefits is the mitigation of risks and the opportunity for competitive differentiation in the market.


3. Process design and risk map

We have made a complete inventory with all the databases that we had in the history. We have structured flowcharts of the processes involved in data processing at the agency. Based on the processes, we have established risk maps and actions to mitigate and correct such risks.


4. Internal and external management system

We have established a system to formalize management and sustain good practices in processes with consistency. We have developed manuals and work instructions to have tools that are both robust and agile.


5. Technology as an ally

We have specific software for interfacing with data holders and for diagnosing maturity, besides information security practices and systems to protect the data we process.


6. Solid contracts

We have formalized our commitments to suppliers and customers in a transparent, balanced, and responsible manner, showing trust in our partnerships.

 

Learn more about LGPD at Sabiá

Excerpt of our participation in the Unicamp Ventures Webinar in April 2021:

 

Article by ABRADi on the achievement of certification in May 2021: https://abradi.com.br/agencia-sabia-conquista-a-certificacao-lgpd-abradi-bureau-veritas/

 

Participation in RD Station + ABRADi training on LGPD:

 

¹LGPD is the acronym in Portuguese for Lei Geral de Proteção de Dados (General Personal Data Protection Act)