The necessary measures to be taken by companies as a strategic and organizational management model in relation to the provisions of the General Data Protection Law (Atena Editora) (original) (raw)
Related papers
General Data Protection Law: Observations and Analysis of the Compliance Level of Organizations
2021
This article addresses the scenario of the impact of the Brazilian General Data Protection Law (LGPD) on organizations. For the research used a publication of the Federal Data Processing Service (SERPRO) in 2018, and the authors sent a survey with 14 questions related to the requirements established by the LGPD for companies. It was possible to interview, in 20 days, a total of 52 people who work both in the public service and in the private sector in organizations of different sizes. The study showed that the vast majority of companies have not yet fully adapted, even with the long period that lasted between the approval of the law and its entry into force, and that they need changes to meet the requirements proposed by the LGPD, whether in the area of security data, in the management of privacy, or in the processing of data of their holders, who may be natural or legal persons who in some way are also related to an individual.
SHS Web of Conferences
The aim of the research is to study data protection policies in developed countries and compare the same policies existing in the legal systems of developing countries. In this article, we review GDPR as a best practice for regulatory and corporate compliance. As an object, the law on personal data existing in Russia and Armenia legal system was analyzed and compared with the GDPR in the European Union. Benchmarking as a research method is used in the scientific work. Having researched the article, we can conclude that implementing and complying with a data protection policy based on GDPR contributes to regulation of two issues: developing a sustainable business and improving the data security of customers and employees.
Implementation of the General Data Protection Regulation in companies in the Republic of Croatia
Ekonomski Vjesnik, 2018
This paper deals with the current issue of protecting individuals regarding the processing of their personal data and the free movement of such data. As this matter is also regulated by the European Union legislation, the paper describes and analyzes the scope, implications, methods and tools for applying the new EU regulation adopted on 27 April 2016 by the Parliament and the Council of the European Union. The subject matter is the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The short title of this Regulation is General Data Protection Regulation (GDPR). The term GDPR is thus in common everyday use in companies and among business people, and will also be used in this paper. In addition, the paper analyzes the research conducted on the existing state of affairs and the way in which all collected personal data are processed and used by all stakeholders in the company Atlantic Grupa d.d., Zagreb. In addition, a harmonized project of a structured and methodologically correct procedure for implementation of the provisions of the new Regulation is described for the purpose of achieving the highest degree of compliance of all members of Atlantic Grupa d.d. with the provisions of the GDPR. Finally, the basic objective of the described project is explained, which is to avoid situations that would lead to the extremely high fines for non-compliance with the Regulation.
International Journal of Digital Law, Belo Horizonte, v. 2, n. 2, maio/ago. , 2021
This paper aims to present a comparative approach to data protection regulations around the world. Most countries possess data protection laws in some level of detail. In order to compare structures of data control and compliance in dissimilar systems, the study selected four distinct arrangements: the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian Digital Privacy Law, Lei Geral de Proteção de Dados Pessoais (LGPD); and the Chinese Data Privacy Framework, which is molded by a set of different regulations. The analysis was based in common key points of those regulations-territorial scope, consent and disclosure, data security requirements, data transfer, Data Protection Officer, awareness and training, and penaltiesto explore the different policies and national goals. The paper argues that, in the landscape of the information based society, new law is needed to protect citizens' rights to privacy and to bound harvesting and mining of personal information to ensure transparency, control, and compliance of the information economy.
Personal Data Protection Policy Impact on the Company Development
WSEAS Transactions on Environment and Development, 2022
Guseva, O.Y., Kazarova, I.O., Dumanska, I.Y., Gorodetskyy, M.A., Melnichuk, L.V., & Saienko, V.H. (2022). Personal Data Protection Policy Impact on the Company Development. WSEAS Transactions on Environment and Development, 18, 232-246. DOI: 10.37394/232015.2022.18.25 This research paper deals with identifying the basic prerequisites for the IT companies' development in terms of tightening requirements for personal data protection. The article aimed at assessing the impact of personal data protection policy on the company development through the assessment of the efficiency of the use of intangible assets. The following methods were used in achieving this aim: comparative analysis, the method of horizontal analysis of company performance, correlation and regression analysis, graphical analysis, as well as the method of expert survey of the impact of macro-environmental factors on the company profitability level. It is established that the degree of personal data protection of customers of IT companies directly affects the financial performance of companies and contributes to the development of IT companies. The article proves that poorly developed personal data protection system of Ukrainian companies is related to the regulatory framework of the creation and registration of personal databases. The main world trends in the development of personal data protection were identified through the study of the provisions of international policy frameworks as compared to the legislation of Ukraine. The main area of application of the results obtained by the author are IT companies, in particular in the management of profitability in the context of WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT
. DIAS José Carlos Vaz e SICHEL Ricardo. Personal data protection in Brazil
The headlines of the newspapers and attorneys' newsletters focused last August greatly on the enactment of Law n o. 13,709/2018 (the so-called Personal Data Protection Law). The greatest of this law has been the ability to empower the Brazilian citizens during their relationship with others and business transactions when involving the disposal and transfer of personal rights to third parties. This empowerment took place by means of establishing several novelties for a better control of their personal data and the adoption of a "package of rights" against the misappropriation and misuse of personal information. Moreover, enforcement instruments have been adopted to strengthen such rights, including the creation of a public authority that will monitor the system and the heavy fines. Nevertheless, the protection of personal data is not a novelty neither created from the scratch. Instead, it came from the legal development on the protection of human dignity, intimacy and security on personal relationship. This legal system has been under continuous development since the Federal Constitution in 1988. This article focus on the examination of the construction of the personal data protection system and the setting up of the principles that have guided the existing protection under Law n o. 13,709/2018. It addresses as a secondary objective the so-called "package rights" and the main novelties of the system. This article should be understood as a primary piece of academic nature to point out how the past influenced the legal scenario for personal data protection.
Proposal of an Implementation Process for the Brazilian General Data Protection Law (LGPD)
Proceedings of the 23rd International Conference on Enterprise Information Systems, 2021
The increasing number of online users yields to a correlated increase in the number of varied personal data collection devices. As a result, it became necessary to create and regulate new personal data policies which define the rights and duties of public and private organizations and users. As occurred in other countries, the Brazilian General Data Protection Law (LGPD) was created to define the nationwide rules regarding the privacy of users' data. In this paper, we present the proposal for a LGPD implementation process, using the Business Process Modeling Notation (BPMN). This proposal is intended to allow the Brazilian Federal Public Administration (FPA) Agencies to perform the steps to implement the LGPD in an easier and more targeted way, resulting in increased privacy of personal data. The proposal also defines new roles and responsibilities within FPA Agencies to enable these Agencies for providing clarifications to complaints about personal data, receiving communications from the National Data Protection Authority (ANPD) and adopting measures, guiding employees in relation to rules, regulations and data protection laws.
Protection of personal data at the level of economic structures within companies in Romania
Proceedings of the International Conference on Business Excellence, 2019
The accounting profession must comply with the provisions of the Regulation no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 (“GDPR”). GDPR requires companies to take mandatory technical and organizational measures to demonstrate that personal data has been secured. Accounting practitioners process personal data and are therefore required to comply with specific legislation in the field of personal data protection. Professionals accountants are directly affected by these provisions as they collect, store and process personal data relating to customers, employees and subcontractors. This article aims to identify the risks and implications that can appear from the application of the GDPR at the level of the economic departments of the companies operating in Romania
Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue
Information
In order to guarantee the privacy of users’ data, the Brazilian government created the Brazilian General Data Protection Law (LGPD). This article made a diagnostic of Brazilian organizations in relation to their suitability for LGPD, based on the perception of Information Technology (IT) practitioners who work in these organizations. We used a survey with 41 questions to diagnose different Brazilian organizations, both public and private. The diagnostic questionnaire was answered by 105 IT practitioners. The results show that 27% of organizations process personal data of public access based on good faith and LGPD principles. In addition, our findings also revealed that 16.3% of organizations have not established a procedure or methodology to verify that the LGPD principles are being respected during the development of services that will handle personal data from the product or service design phase to its execution and 20% of the organizations did not establish a communication proces...