Abstract

To guarantee the privacy of users’ data, the Brazilian government created the Brazilian General Data Protection Law (LGPD). This article presents a diagnostic of Brazilian organizations' suitability for LGPD, based on the perception of Information Technology (IT) practitioners who work in these organizations. We used a survey with 41 questions to diagnose different Brazilian organizations, both public and private. The diagnostic questionnaire was answered by 105 IT practitioners. The results show that 27% of organizations process publicly accessible personal data based on good faith and LGPD principles. Our findings also revealed that 16.3% of organizations have not established a procedure or methodology to verify that the LGPD principles are respected during the development of services that will handle personal data, from the product or service design phase to its execution, and that 20% of organizations have not established a process for communicating possible data breaches to personal data holders. The result of the diagnostic gives organizations and data users an overview of how their customers' personal data is being treated and which points need attention in relation to the principles of LGPD.

Highlights

  • Concern about data privacy is increasing daily among Brazilian citizens, especially with the entry into force of the General Data Protection Law (LGPD) [1]

  • Our main findings: analyzing the results of research question (RQ.1), we identified that more than 31% of the companies handle personal data according to the principles of the LGPD and 30% of these companies have a communication plan for the Institutional Data Privacy Program (PPDI)

  • In Brazil, the General Data Protection Law (LGPD) [1] was created. This law was published in August 2018 and was inspired by the European General Data Protection Regulation (GDPR) [3]


Introduction

Concern about data privacy is increasing daily among Brazilian citizens, especially with the entry into force of the General Data Protection Law (LGPD) [1]. LGPD, in its Article 6, lays down principles for personal data processing that can be associated with five of the six GDPR principles. These principles should observe good faith, which in Brazilian civil law can be understood as a concept related to the ethical conduct of a citizen, whose ideas are molded by an awareness of right conduct and dignity and are based on honesty, principles, good intentions and the purpose of harming no one [4]. They are listed as follows [1,5,6]: 1. Non-discrimination: the prohibition of data processing for discrimination or abuse purposes; and
