Abstract

PELOSO PIURCOSKY, Fabrício; APARECIDO COSTA, Marcelo; FROGERI, Rodrigo Franklin  and  LEAL CALEGARIO, Cristina Lelis. The General Law for Protecting Personal Data in Brazilian Enterprises: An Analysis of Multiple Cases. suma neg. [online]. 2019, vol.10, n.23, pp.89-99. ISSN 2215-910X.  https://doi.org/10.14349/sumneg/2019.v10.n23.a2.

This study aims to describe and understand the reality of Brazilian organizations in terms of compliance with the General Law on the Protection of Personal Data (LGPD). Such an approach is justified by the regulations established by the Brazilian State for the manipulation, processing and storage of personal data by organizations. In this sense, the capacity of organizations to meet the regulatory frameworks established by the LGPD (Law No. 13.709/2018) is discussed. In order to achieve the proposed intent, the study is based on NBR ISO/IEC 27001, NBR ISO/IEC 27002 and Law No. 13.709/2018. As for the objective, the research is descriptive with a qualitative approach and conducted through multiple case studies. The data were collected via semi-structured interviews with seven professionals responsible for the collection, manipulation or storage of data from companies of different sizes. The study was conducted two months (Oct/2018) after the sanction of the LGPD by the presidency of the Brazilian Republic, characterized as a cross-sectional type. The study showed that the companies are not prepared to meet the regulatory frameworks established by the LGPD, requiring considerable technical and management changes in the areas of Information Technology and Information Security.

Keywords : Privacy; Information security; NBR ISO/IEC 27001; NBR ISO/IEC 27002; IT Management..

        · abstract in Portuguese | Spanish     · text in Portuguese     · Portuguese ( pdf )