“Our compliance with LGPD and international standards moved the data protection program to benchmark level”

Lawyer Isabella Becker, the current data protection officer at Grupo Boticário, spoke to Leaders League about the maturing data-protection picture in Brazil and the complexity of data processing in a company that has many different commercial avenues.

Posted mercredi, mai 31 2023
“Our compliance with LGPD and international standards moved the data protection program to benchmark level”

Leaders League: What was the main challenge in your first year as Grupo Boticário’s DPO ?

Isabella Becker: Taking into account the size of Grupo Boticário and its complexity - we are retail, industry, fintech, marketplace and more ─, the biggest challenge is rolling out data-privacy standards  across the group and assuring separation between related areas, such as legal or information security. We are a partner area to these divisions, but independent ─ and the complexity and size of the group is challenging, which means  we are always aligned and promoting awareness about the independence, autonomy and processes of the area.


Grupo Boticário is the second most admired company in Latin America in terms of data , according to the State Of Data Brazil 2022 survey. In your opinion, why are you so highly regarded?

We want to deliver value not only in our products, but also in our services ─ and for that we need the data we process to carry out such services to serve their owners ─ and not the other way around. We believe that to build this value we need robust, technical and diverse teams when it comes to how data is handled: in addition to the privacy structure, we have varied technology structures (such as governance, architecture, culture and data security) that allow the topic to continually be  worked on at both the technical and ethical level.


Regarding the evolution of data protection, do you foresee any bumps in the road?

Looking at the market as a whole, there are still regulation points pending  from the National Data Protection Authority, that will cover international  data-transfer or the treatment of sensitive data. Since data-treatment is increasingly promoted and normalized in modern society, regulation is necessary and urgent.


In your opinion, what is the level of maturity of Brazilian companies in relation to data processing compared to other global markets?

Not long ago, Brazil was seen as a country which was sorely lacking on the subject ─ so much so that it was not even recognized by the European Union as a suitable country to receive international data. With the advent of the LGPD and our compliance with international best practices, the level of maturity of Brazilian companies quickly moved to the benchmark level. Grupo Boticário, for example, has been working on adapting to the LGPD since 2018, so five years on we already have a structured program and several control mechanisms. Bearing in mind that the theme has always been international, it can be said that the market was self enforcing, reaching maturity levels close to those of EU countries.


What are the main objectives to be achieved by Grupo Boticário in 2023?

In terms of privacy, the main objective of Grupo Boticário is to ensure the processing of personal data continues to be encouraged in an ethical and safe manner. We do not want to be data gatekeepers - on the contrary, we want the holder to really feel like they are the owner of their data, and that, through transparency, they see value in the treatments carried out by GB.