Adequação da MOSE® Competence para a Implementação do Capítulo VII da LGPD: Um Mapeamento dos Ativos de Segurança e Boas Práticas
Data de publicação: 29/04/2021
This study presents a mapping of the assets present in the Guiding Model for the Success of Public and Private Companies (MOSE) and the articles included in the General Data Protection Law (LGPD) of the Brazilian Government, with regard to Security and Good Practices in Chapter VII of this law. The theme becomes relevant, as more and more companies from different contexts need to implement the articles contained in this law in order to adhere to the standard of regulation of personal data processing activities defined by the Brazilian Federal Government. However, this law still needs guidelines for its proper implementation based on the adoption of good practices in models, methods and/or techniques available in the specialized literature. One of these instruments refers to the MOSE, which helps public and private companies to achieve levels of excellence in performance, governance and quality, in the production of goods and services, based on the use of practices and indicators specific to the area of knowledge or specialty. Thus, the research question guiding this work is: how to correspond/map the practices included in the MOSE to guide the implementation of the articles of the LGPD law? The methodology adopted was the asset mapping, described in a specific section of the paper, which included the following steps: definition of the LGPD chapter that focuses on data security management; definition of the model and law structures, and their inputs to be analyzed; identification of the description of each asset; analysis of correspondence between assets; evaluation of the mapping using the peer review technique with expert in the two target standards of this research. The result was the perception that 33% of the MOSE’s competences goals, with the appropriate adjustments, have total adherence with 100% of the security and good pratices assets of LGPD. This mapping is intended to provide assistance in defining a roadmap containing activities, work products, tools, indicators and expected results to achieve the goals defined in the LGPD.