Proposta de um projeto de conformidade a partir das práticas da ISO 27701 para implementação de um programa compliance de proteção de dados à luz da LGPD na Universidade de Rio Verde

Abstract

Today's society, marked by the revolutions that have taken place in recent decades, has its relationships, at various levels, based on the exchange of information. This new dynamic, driven mainly by the emergence and expansion of the internet, has brought undeniable benefits. In view of this, the study aimed to address the issue of data protection, focusing on the University of Rio Verde, in order to assess the need to implement, within the institution, a data compliance program based on the LGPD and the ISO 27701. For this, a research was developed based on three stages, problem identification, documental organization of the research (theoretical framework) and its applicability, through the suggestion of implementing a data protection compliance program in light of the LGPD and ISO 27701 at the UniRV – University of Rio Verde. Due to the inconvenience generated by the sharing of personal data, the legislator, over the years, sought solutions, with the elaboration of different legal norms, until culminating with the creation of a specific law, Law n. 13,709, of August 14, 2018, called the General Data Protection Law or LGPD. Therefore, organizations face the challenge of adjusting their activities to comply with legislation and, at the same time, guarantee the security of the personal data to which they have access, which has also become a competitive differentiator in the market. This, however, requires changes and practical adjustments, which is why they resort to technical standards, such as ISO 27701, explored in this study, which, together with the LGPD, is capable of defining a compliance system capable of be used at the University of Rio Verde and other institutions of this nature.