Banca de QUALIFICAÇÃO: SARA BUENO DE OLIVEIRA GENNARI CARTURAN
Uma banca de QUALIFICAÇÃO de DOUTORADO foi cadastrada pelo programa.STUDENT : SARA BUENO DE OLIVEIRA GENNARI CARTURAN
DATE: 28/06/2023
TIME: 15:00
LOCAL: por participação remota em https://conferenciaweb.rnp.br/webconf/denise-11
TITLE:
LGPD Framework - A model for analysis, evaluation and elaboration of an Implementation Plan by Technology areas
PAGES: 80
BIG AREA: Ciências Exatas e da Terra
AREA: Ciência da Computação
SUMMARY:
Considering the increase in data consumption and technological evolution, there is a special concern with the use and processing of personal data, since they are found everywhere and in different forms. Thus, the LGPD (Lei Geral de Proteção de Dados, in Portuguese) becomes increasingly important, as it defines guidelines for public or private Organizations, regarding the collection, use, storage and sharing of personal data, whether digital or physical and in case of noncompliance, fine and sanction may be imposed, depending on the seriousness.
A systematic review of the literature was carried out to verify the limits of existing studies on the LGPD. It identified a gap regarding the existence of models that represent the best practices to control adherence to the LGPD from the point of view of Technology. Currently, the areas or those responsible define their actions, but without the existence of a standard to be followed. In this way, there is a demand from the Technology area regarding protective actions and, consequently, adherence to the LGPD. While there are many IT-related international standards, they do not fully cover all requirements of the law.
This study developed an LGPD framework considering the legislation, which is in legal language, and proposes a model composed of 4 domains that must be analyzed by the Technology area to analyze, define and execute actions for adherence to the LGPD. Additionally, specificities of the LGPD for Cloud environments were verified. The defined domains are LGPD Governance and People, Methods and Processes, Data Controls and Infrastructure Architecture. It can also be used as a guide for the LGPD maturity analysis and based on the points of gaps, a model is proposed for the elaboration of an implementation plan.
The LGPD framework was inspired by the essential principles of COBIT 2019 and DevSecOps converting a concept into a practical method of understanding and implementation. It also considered the experience acquired with the implementations of the GDPR (General Data Protection Regulation), international standards of Information Systems (IS) and Brazilian particularities. The developed LGPD framework aims to facilitate the understanding of the LGPD by the Technology area and, through it, it is possible to identify points of improvement and plan actions that must be described and prioritized in the Implementation Plan, whose construction model was also proposed.
Finally, the LGPD framework will be evaluated in a real context, in an organization that has been a business conglomerate for over 50 years in Brazil. The results will be collected as well as the respective feedbacks to allow the replication of the use in other Brazilian organizations. As a result, it is expected that the proposed framework can prove to be an effective accelerator, model and guide for good practices in organizations that do not yet have an established LGPD plan or that have not understood the scope of the law.
COMMITTEE MEMBERS:
Presidente - Interno ao Programa - 2976815 - DENISE HIDEKO GOYA
Membro Titular - Examinador(a) Externo à Instituição - MAURO DE MESQUITA SPINOLA - USP
Membro Titular - Examinador(a) Externo à Instituição - ELISA YUMI NAKAGAWA - USP
Membro Suplente - Examinador(a) Externo à Instituição - ROSANA TERESINHA VACCARE BRAGA - USP
Membro Suplente - Examinador(a) Externo à Instituição - RAFAELA VILELA DA ROCHA CAMPOS - UFABC