3 minute read
Data Privacy and Security
MRV Strategic Risk Typologies
• Compliance: legal and regulatory punishments, reputational and/or monetary loss resulting from non-compliance with internal guidelines, the
Advertisement
Code of Conduct, and MRV&CO’s Policies, Bylaws, and Regulations;
• Conjuncture: losses and changes related to political, cultural, social, economic, or financial circumstances;
• Credit: loss resulting from failed payments by clients or financial institutions, guarantees for financial investments, among others;
• Image: loss resulting from the erosion of the company’s reputation with society, stakeholders, and/or authorities due to negative publicity, whether true or not, or clients’ dissatisfaction during their journey with the company;
• Legal/Regulatory: fines, penalties, or compensation resulting from actions taken by supervisory and control agencies, in addition to losses resulting from unfavorable decisions in lawsuits;
• Liquidity: lack of agility to honor financial commitments on the maturity date or to honor them only at high financial losses;
• Market: stems from pressures to change the prices of our products and the cost of the inputs required for our operations, or from significant loss of performance due to competition;
• Operation: loss resulting from failure, deficiency, or inadequacy of internal processes, people, and systems, or from external events; Urba’s risk management process is carried out independently from that of MRV. It is based on the ABNT NBR ISO 31010 guidelines, which seek to connect policies, processes, and procedures to the organization’s everyday operations in line with the precepts of institutional risk management. Therefore, Urba’s risk management also supports the continuous improvement of work processes and projects and the allocation and effective use of available resources, contributing to the accomplishment of the organization’s objectives.
Urba’s Strategic Risk Matrix started to be prepared in October 2021, assisted by a consulting firm. The process is now at the risk identification and assessment stage, based on the company’s context, i.e., assessing the internal and external environment and scenarios and defining the business vision and strategic and long-term objectives.
Urba
Data Privacy and Security
103-418; 418-01
Respect, care, and attitude at the service of the best experience for every customer.
Ensuring the correct treatment of personal data – always performed in a legitimate, appropriate, and transparent manner, according to the General Personal Data Protection Law – is crucial to the success of MRV&CO’s activities.
This applies to both digital and physical data. It is continuous work carried out by each and every one of us. It is vital to protect the personal data of our customers, employees, and partners, to safeguard credibility and confidence entrusted to us, as well as our reputation in the market, including the National Data Protection Authority – ANPD.
The creation of the General Personal Data Protection Law (Law No. 13.709) sanctioned an ever-present concern of MRV&CO: the search for adapting processes and activities so as to be always in accordance with the best privacy and personal data security practices. And we do it not only to comply with the law but also to become a reference on the subject among our stakeholders. MRV&CO has endeavored to adapt all its operations and treat the personal data of all holders involved in any process carried out by the organization in the most respectful and thorough manner possible.
Trust is a critical element in customer relations. Keeping one’s personal data safe not only helps foster a positive relationship but increases customer satisfaction in the long run during their journey with MRV&CO.
Facing a dynamic and complex scenario, the Senior Management defined, in accordance with the propositions of the contracted consultants, that MRV&CO is to create a specific area
to deal with the adaptation processes in the scope of the General Personal
Data Protection Law (LGPD). Operating independently from the other departments, the department should work under the umbrella of the GRC Executive Management structure to avoid any conflict of interest with other matters and enjoy the necessary autonomy to report directly to the Board of Directors.
The challenge is to establish objective parameters to provide legal certainty and safe systemic mechanisms to perform personal data operations and processes. Therefore, MRV&CO now has an automation and control tool to meet the requirements of data subjects and is continuously to ensure that the issues of privacy and data protection are structured in the best way possible to make the privacy area more robust and secure for everyone. It is about ensuring speed and efficiency in complying with the obligations imposed by the legislation and providing the best experience for the holders of personal data by MRV&CO.