Tanus, Gabrielle Francinne de Souza CarvalhoPaula, Najara Mara Nascimento de2024-10-102024-10-102024-05-28PAULA, Najara Mara Nascimento de. Segurança da informação e a Lei Geral de Proteção de Dados Pessoais: estudo de caso na Liga Norte Riograndense Contra o Câncer . Orientação: Profa. Dra. Gabrielle Francinne de Souza Carvalho Tanus. Natal, 2024. 151 f . Dissertação (Mestrado em Gestão da Informação e do Conhecimento) - Universidade Federal do Rio Grande do Norte, Centro de Ciências Sociais Aplicadas, Programa de Pós-Graduação em Gestão da Informação e do Conhecimento. Natal, RN, 2024.https://repositorio.ufrn.br/handle/123456789/60357Contemporary organizations are large information centers and many purposes justify the processing of data by companies. When treated correctly during its life cycle, information adds value and becomes a relevant asset for organizational processes, strengthening companies’ chances of success. However, the inappropriate use of mass data can cause irreparable damage to society, and it is necessary to take care of the data to prevent misuse by unauthorized people. For this purpose, the General Personal Data Protection Law (LGPD) came into force in Brazil. This research addresses how the area of information Security contributes to compliance with the LGPD in the Liga Norte Riograndense Contra o Câncer (LIGA) hospital network. The objective is to propose actions to adapt to the LGPD through the application of Information Security guidelines to LIGA employees, through Business Process Management (BPM). Specifically, it seeks to: a) identify personal and sensitive data used is LIGA sectors; b) map the processes linked to this data; c) adapt irregular processes mapped in accordance with the LGPD; d) propose an action plan with recommendations for projects to adapt to the LGPD in hospitals. The theoretical framework covers the historical and conceptual contextualization of the LGPD, information security, business process management and data protection in the healthcare sector. The research, of an exploratory nature, uses inductive methods and case studies, employing data collection techniques such as action research, forms and business process management. The form was created with the participation of the LIGA Data Protection Committee, made up of a multidisciplinary team. The sample included managers from 41 sectors, distributed across four areas: patient experience coordination, medical coordination, infrastructure coordination and oncology school. The results present a general analysis of LIGA with regard to data processing in accordance with LGPD guidelines, identifying non-compliant processes and guiding process compliance based on the phases and stages of BPM. It is concluded that LIGA has good maturity in most stages of the information life cycle, but points such as storage period and disposal need attention. The need for new activities in existing processes and the creation of new processes to ensure compliance with the LGPD was identifiedAcesso AbertoSegurança da informaçãoLei geral de proteção de dadosLiga Norte Riograndense Contra o CâncermasterThesisCNPQ::CIENCIAS SOCIAIS APLICADAS::CIENCIA DA INFORMACAO