Compliance and Conformity
Commitment to Compliance Excellence
PixelDMP maintains a comprehensive compliance program that ensures conformity with all applicable regulations, industry standards, and best practices for data security and privacy.
Our Compliance Programs
- LGPD (status: compliant): General Data Protection Law (Law No. 13.709/2018) - Full compliance with Brazilian data protection legislation.
- Internet Civil Framework (status: compliant): Law No. 12.965/2014 - Compliance with the principles, guarantees, rights, and duties of internet use in Brazil.
- GDPR (status: compliant): General Data Protection Regulation - Compliance with European data protection regulation for international clients.
- ISO 27001 (status: compliant): Information Security Management System certification - Guarantee of robust security controls.
- ISO 27701 (status: compliant): Extension of ISO 27001 for information privacy - Management of personal data privacy.
- PCI DSS (status: compliant): Payment Card Industry Data Security Standard - Compliance for secure payment data processing.
Compliance Structure
1. Compliance Governance
We maintain a robust governance structure that includes:
- Compliance Committee: Executive committee responsible for overseeing compliance programs
- Data Protection Officer (DPO): Responsible for LGPD and GDPR compliance
- Chief Information Security Officer (CISO): Responsible for technical and organizational security
- Internal Audit: Team dedicated to audits and compliance reviews
2. Policies and Procedures
We develop and maintain comprehensive policies and procedures, including:
- Privacy and Data Protection Policy
- Information Security Policy
- Data Retention and Deletion Policy
- Incident Management Policy
- Access Control Policy
- Business Continuity Policy
- Code of Conduct and Ethics
3. Training and Awareness
We ensure all employees are trained and aware of compliance:
- Mandatory training on data protection and privacy
- Information security training
- Regular updates on regulatory changes
- Incident simulations and response
- Professional certifications in security and privacy
Specific Regulatory Compliance
LGPD (General Data Protection Law)
Full compliance with LGPD through:
- Complete mapping of personal data
- Implementation of the 10 LGPD principles
- Guarantee of data subject rights
- Data Protection Impact Reports (RIPD)
- Incident notification to ANPD
- Designated Data Protection Officer
Internet Civil Framework
Compliance with Civil Framework principles:
- Network neutrality
- Freedom of expression
- Privacy protection
- Log retention as required by legislation
- Transparency in data management
GDPR (General Data Protection Regulation of the EU)
For European clients, we guarantee GDPR compliance:
- Legal basis for each data processing activity
- Data subject rights (access, rectification, erasure, etc.)
- International transfers with adequate guarantees
- Data Protection Impact Assessments (DPIA)
- Data breach notification within 72 hours
Certifications and Standards
ISO 27001 - Information Security
ISO 27001 certification demonstrates our commitment to:
- Systematic security risk management
- Implemented and monitored security controls
- Continuous improvement of the information security management system
- Regular audits and renewed certification
ISO 27701 - Information Privacy
Extension of ISO 27001 focused on privacy:
- Personal data privacy management
- Compliance with LGPD and GDPR
- Specific controls for privacy protection
- Third-party management and data transfers
Audits and Monitoring
Internal Audits
We conduct quarterly internal audits to:
- Verify compliance with policies and procedures
- Identify areas for improvement
- Validate control effectiveness
- Ensure continuous compliance
External Audits
We undergo annual external audits by:
- Certification bodies for ISO 27001 and ISO 27701
- Independent auditors for LGPD and GDPR
- Penetration testing by specialized companies
- Compliance reviews by specialized consultancies
Continuous Monitoring
We implement continuous monitoring through:
- Intrusion detection systems (IDS/IPS)
- 24/7 security monitoring
- Log and security event analysis
- Automatic anomaly alerts
- Regular access and permission reviews
Risk Management
We maintain a comprehensive risk management program that includes:
- Risk Identification: Systematic mapping of security, privacy, and compliance risks
- Risk Assessment: Analysis of probability and impact of each risk
- Risk Mitigation: Implementation of controls to reduce or eliminate risks
- Risk Monitoring: Continuous tracking and periodic review
- Continuity Plan: Strategies to maintain operations during incidents
Incident Management
We maintain robust procedures for security and privacy incident management:
- Detection: Automated systems and manual processes to identify incidents
- Response: Dedicated incident response team available 24/7
- Containment: Immediate actions to limit incident impact
- Notification: Communication to authorities and data subjects as required by law
- Post-Incident Analysis: Complete review and implementation of improvements
Third-Party Compliance
We ensure all suppliers and partners are also in compliance:
- Supplier compliance assessment before engagement
- Data Processing Agreements (DPA) with all processors
- Regular audits of critical suppliers
- Contractual compliance requirements
- Continuous monitoring of third-party compliance
Transparency and Reporting
We maintain transparency about our compliance program through:
- Annual compliance and security reports
- Disclosure of certifications and compliance status
- Proactive communication about regulatory changes
- Public documentation of policies (when appropriate)
- Transparent responses to information requests
Continuous Improvement
Our compliance program is dynamic and continuously evolves:
- Quarterly review of policies and procedures
- Tracking regulatory changes
- Implementation of industry best practices
- Feedback from audits and incidents
- Continuous investment in technology and processes
Contact for Compliance Questions
Compliance Team
Email: compliance@pixeldmp.com
Registered office: Singapore
Last updated: January 2024