Infrastructure and Security
Compliance (LGPD)
Privacy law is not “a pretty policy page”: it is knowing what you collect, why you store it, where it lives, and how you delete it when the data subject asks — without freezing product or leaving legal without answers. Viscale blends technical depth with business language: explicit legal bases, auditable processing records, and an incident flow that does not start from scratch when noise hits.
From inventory to processing design. We list systems, forms, integrations, and databases that hold personal data — including logs everyone forgot. For each processing activity we tie purpose, legal basis, and retention with numbers, not a generic “indefinitely”.
What we can deliver
Lean processing inventory (ROPA-style)
System, data, purpose, legal basis, retention in language legal can sign.
Privacy policy and in-app bases
Copy consistent with real collection and sharing flows.
Consent flow and evidence
When required, with version and timestamp records.
Data-subject requests (access, fix, delete)
Internal SLA, technical checklist, and response templates.
Impact assessment when it applies
New product, biometrics, or automated decisions with a concrete document.
Vendor contracts (DPA)
Subprocessor clauses, location, and breach notification.
Squad training
What may go in logs, what not to screenshot, and how to loop legal without freezing the sprint.
Breach communication plan
Owners, timelines, and templates for data subjects and regulators when applicable.
Operations your team can run. Privacy policy and cookie notices aligned with what the product actually does; internal flows for access, correction, and erasure; consent logging when required and proof of opt-out when campaigns change. For B2B we treat professional contact data with the right rigor without inventing bureaucracy where the law does not require it.
Security and contracts in one package. We map LGPD expectations onto existing encryption, backup, and access controls; help negotiate clauses with cloud and vendors (DPA, location, subprocessors); and leave a short breach playbook: who notifies whom, in what timeframe, and which templates reach the data subject.
Portfolio of Compliance (LGPD)
Deliverables
Processing inventory
Spreadsheet or living doc with technical owner.
Reviewed privacy policy
Aligned with product and real channels.
Legal basis register per activity
For internal or external audit.
Data-subject response templates
Access, correction, portability, erasure.
New-feature checklist
Questions before collecting new data.
Vendor matrix and DPA status
Signature state and short risk note.
DPIA or impact memo
When the case needs a formal document.
Incident response plan
Roles, timelines, communication channels.
Training log
Who attended and when.
Handoff session
With internal DPO or named owner.
Execution methodology
Stakeholder interviews
Product, legal, marketing, IT — each states what they collect today.
Technical inventory
Databases, CRM, email, analytics, backups, integrations.
Classification and legal bases
Per activity, with numeric retention.
Product and form adjustments
Minimum fields, notices, coherent opt-in/out.
Data-subject documentation
Policy, contact channels, internal deadlines.
Operational flows
Ticketing for requests with proof of fulfillment.
Contracts and DPAs
Review or draft clauses with vendors.
Security aligned to privacy
Access control, logs, and minimization where feasible.
Incident tabletop
Walkthrough with notification script.
Training and handoff
Who keeps the inventory current going forward.