GOVERNANÇA DE DADOS E REQUISITOS LEGAIS: UMA ANÁLISE DA RELAÇÃO ENTRE A LGPD E OS FRAMEWORKS COBIT E ITIL

Abstract

The General Data Protection Law (LGPD) presents good practice and governance rules that establish organizational conditions, such as operating regime, procedures, data subject complaints and petitions, security standards, technical standards, stakeholder obligations, risk management and mitigation, and other aspects related to the processing of personal data. The use of governance tools such as ITIL 4 and COBIT 2019 assist in the strategic planning and management, respectively, of IT governance in organizations. In Brazil, the LGPD is the legal standard for the use, protection, and processing of data. This study surveys the articles, objectives, and practices of the LGPD, COBIT 2019, and ITIL 4, respectively, as data governance requirements in information technology, aiming to influence the definition, implementation, and management of non-functional requirements in corporate systems for LGPD compliance. For the study, all 40 COBIT 2019 objectives, the 34 ITIL 4 management practices, and the LGPD requirements were analyzed. To analyze whether an organization, by adopting these frameworks, is sufficiently compliant with Brazilian legal regulations (LGPD), the study verified whether the requirements in COBIT 2019 and ITIL met the LGPD. This study concludes that the use of governance tools such as ITIL and COBIT, when properly applied, are sufficient to comply with the LGPD. COBIT is aimed at IT governance as a whole, encompassing all stakeholders in the process, including the implementation of policies, standards, methods, and procedures, to be applied adaptively at different levels of the organization to improve the balance between the parties.