DATA REGIME GOVERNANCE
Jobecam has the following guidelines established in data regime governance:
Data collect:
a) Identification of Needs: Data must be collected based on the organization's needs and objectives, to ensure that it is relevant and suitable for the intended purposes.
b) Consent and Transparency: When applicable, it is necessary to obtain informed consent from individuals for the collection of their data. Additionally, the organization must be transparent about the purposes of collection, the types of data collected, and the rights of individuals in relation to their data.
c) Data Minimization: Data collection must be limited to the minimum necessary to achieve the defined objectives, avoiding excessive or unnecessary collection of information.
d) Data Quality: Criteria and processes must be established to ensure the accuracy, integrity and timeliness of the data collected, including defining responsibilities for verifying and correcting the data.
a) Protection and Confidentiality: Data must be protected against unauthorized access, loss, theft or breach of confidentiality. Appropriate security measures, such as encryption, access control and monitoring, must be implemented in accordance with best information security practices.
b) Data Retention: An appropriate period must be defined for data retention, taking into account legal and regulatory obligations and the needs of the organization. Data must be securely deleted after the retention period ends.
c) Backup and Recovery: We have implemented a regular data backup plan, ensuring its integrity and availability in the event of failures or disasters. Additionally, we have established recovery procedures to restore data in the event of loss or corruption.
Use and Sharing of Data:
a) Controlled Access: Access to data should be granted only to authorized people, based on your business needs. We implement authentication and access control measures to ensure data security.
b) Responsible Sharing: Data sharing must be carried out responsibly and in compliance with laws, regulations and internal policies. There must be data sharing agreements that establish the responsibilities of the parties involved and ensure adequate protection of shared data.
c) Monitoring and Auditing: We regularly monitor the use and sharing of data, as well as periodic audits to ensure compliance with established policies and guidelines.
Education and Awareness:
a) Training: We provide appropriate training for employees and people involved in the use and management of data, with the aim of promoting awareness of data governance policies and practices and the importance of data protection.
b) Communication: Clear and regular communication should be promoted about data regime governance, its guidelines and the procedures to be followed. This includes disclosing policies, updates and best practices related to data governance.
c) Legal and Regulatory Compliance: The organization is aware of and complies with all applicable data protection laws and regulations, including the General Data Protection Law (LGPD) or other relevant data protection laws in force.
Monitoring and Continuous Improvement:
a) Periodic Review: Data governance policies and processes must be reviewed periodically to ensure their continued effectiveness and relevance to the organization [2] .
b) Risk Assessment: A regular assessment of risks related to data must be carried out, identifying possible vulnerabilities and implementing preventive measures to mitigate such risks.
c) Feedback and Improvement: The organization must encourage feedback from users and interested parties on data governance, constantly seeking improvements and refinements in policies and practices.
This Jobecam data regime governance document is a fundamental guide to promoting proper data management and ensuring compliance, privacy and information security. It should be reviewed regularly and updated as necessary to meet changes in laws, regulations, and the organization's internal requirements.
If you have any questions, suggestions or requests related to this document, you can contact Diogo Felizardo, DPO at Jobecam via email at diogo.felizardo@jobecam.com
