{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T06:32:01Z","timestamp":1760596321062,"version":"build-2065373602"},"reference-count":37,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2021,4,14]],"date-time":"2021-04-14T00:00:00Z","timestamp":1618358400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>In order to guarantee the privacy of users\u2019 data, the Brazilian government created the Brazilian General Data Protection Law (LGPD). This article made a diagnostic of Brazilian organizations in relation to their suitability for LGPD, based on the perception of Information Technology (IT) practitioners who work in these organizations. We used a survey with 41 questions to diagnose different Brazilian organizations, both public and private. The diagnostic questionnaire was answered by 105 IT practitioners. The results show that 27% of organizations process personal data of public access based on good faith and LGPD principles. In addition, our findings also revealed that 16.3% of organizations have not established a procedure or methodology to verify that the LGPD principles are being respected during the development of services that will handle personal data from the product or service design phase to its execution and 20% of the organizations did not establish a communication process to the personal data holders, regarding the possible data breaches. The result of the diagnostic allows organizations and data users to have an overview of how the treatment of personal data of their customers is being treated and which points of attention are in relation to the principles of LGPD.<\/jats:p>","DOI":"10.3390\/info12040168","type":"journal-article","created":{"date-parts":[[2021,4,14]],"date-time":"2021-04-14T04:21:08Z","timestamp":1618374068000},"page":"168","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Diagnostic of Data Processing by Brazilian Organizations\u2014A Low Compliance Issue"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8372-0358","authenticated-orcid":false,"given":"S\u00e2mmara \u00c9llen Renner","family":"Ferr\u00e3o","sequence":"first","affiliation":[{"name":"Electrical Engineering Department (ENE), Technology College, University of Bras\u00edlia (UnB), Bras\u00edlia, DF P.O. Box 4466, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7463-1487","authenticated-orcid":false,"given":"Artur Potiguara","family":"Carvalho","sequence":"additional","affiliation":[{"name":"Electrical Engineering Department (ENE), Technology College, University of Bras\u00edlia (UnB), Bras\u00edlia, DF P.O. Box 4466, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2159-339X","authenticated-orcid":false,"given":"Edna Dias","family":"Canedo","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bras\u00edlia (UnB), Bras\u00edlia, DF P.O. Box 4466, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3976-6877","authenticated-orcid":false,"given":"Alana Paula Barbosa","family":"Mota","sequence":"additional","affiliation":[{"name":"Information Systems (IS), Pioneer Union of Social Integration (UPIS), Bras\u00edlia, DF P.O. Box 70390-125, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8385-8314","authenticated-orcid":false,"given":"Pedro Henrique Teixeira","family":"Costa","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bras\u00edlia (UnB), Bras\u00edlia, DF P.O. Box 4466, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6973-3240","authenticated-orcid":false,"given":"Anderson Jefferson","family":"Cerqueira","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bras\u00edlia (UnB), Bras\u00edlia, DF P.O. Box 4466, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,4,14]]},"reference":[{"key":"ref_1","unstructured":"Da Rep\u00fablica, P. (2020, July 22). Lei Geral de Prote\u00e7\u00e3o de Dados. 2018, Available online: http:\/\/www.planalto.gov.br\/ccivil_03\/_ato2015-2018\/2018\/lei\/L13709.htm."},{"key":"ref_2","unstructured":"Executivo, P. (2020, November 12). Medida Provis\u00f3ria 959\/2020. 2020. Available online: https:\/\/www.camara.leg.br\/propostas-legislativas\/2250977."},{"key":"ref_3","first-page":"859","article-title":"Comparative Analysis of the EU\u2019s GDPR and Brazil\u2019s LGPD: Enforcement Challenges with the LGPD","volume":"44","author":"Erickson","year":"2018","journal-title":"Brook. J. Int\u2019l L."},{"key":"ref_4","unstructured":"Rodrigues, S. (2003). Direito Civil, Editora Saraiva. Number v. 1 in Direito Civil."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Canedo, E.D., Calazans, A.T.S., Masson, E.T.S., Costa, P.H.T., and Lima, F. (2020). Perceptions of ICT Practitioners Regarding Software Privacy. Entropy, 22.","DOI":"10.3390\/e22040429"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Pessoa, C.R., Nunes, B.C., de Oliveira, C., and Marques, M.E. (2021). Effects and Projections of the Brazilian General Data Protection Law (LGPD) Application and the Role of the DPO. Digital Transformation and Challenges to Data Security and Privacy, IGI Global.","DOI":"10.4018\/978-1-7998-4201-9.ch011"},{"key":"ref_7","unstructured":"Federal, G. (2020, October 20). Guia de Boas Pr\u00e1ticas para Implementa\u00e7\u00e3o na Administra\u00e7\u00e3o P\u00fablica Federal. 2020, Available online: https:\/\/www.gov.br\/governodigital\/pt-br\/governanca-de-dados\/guia-lgpd.pdf."},{"key":"ref_8","unstructured":"Turn, R. (1986, January 2\u20136). Security and Privacy Requirements in Computing. Proceedings of the 1986 ACM Fall Joint Computer Conference, ACM \u201986, Dallas, TX, USA."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Schreiber, A. (2020). Right to Privacy and Personal Data Protection in Brazilian Law, Springer International Publishing.","DOI":"10.1007\/978-3-030-28049-9_2"},{"key":"ref_10","unstructured":"Standard, International Organization for Standardization (2019). ABNT NBR ISO\/IEC 27701:2019\u2014Security Techniques\u2014Extension to ISO\/IEC 27001 and ISO\/IEC 27002 for Privacy Information Management\u2014Requirements and Guidelines, Standard, International Organization for Standardization."},{"key":"ref_11","unstructured":"Standard, International Organization for Standardization (2015). ABNT NBR ISO\/IEC 27002: 2015\u2014Information Technology\u2014Security Techniques\u2014Code of Pratice for Information Security Controls, Standard, International Organization for Standardization."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1007\/s11787-012-0060-y","article-title":"A Universal Approach to Guarantee Data Privacy","volume":"7","author":"Studer","year":"2013","journal-title":"Log. Universalis"},{"key":"ref_13","first-page":"40","article-title":"Preserva\u00e7\u00e3o de Privacidade de Dados: Fundamentos, T\u00e9cnicas e Aplica\u00e7\u00f5es","volume":"3","author":"Brito","year":"2017","journal-title":"J. Atualiza\u00e7\u00e3o Inform."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"101469","DOI":"10.1016\/j.is.2019.101469","article-title":"Design principles for the General Data Protection Regulation (GDPR): A formal concept analysis and its evaluation","volume":"91","author":"Tamburri","year":"2020","journal-title":"Inf. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"389","DOI":"10.5220\/0007383803890396","article-title":"Towards Aligning GDPR Compliance with Software Development: A Research Agenda","volume":"Volume 1","author":"Jensen","year":"2019","journal-title":"Proceedings of the 5th International Conference on Information Systems Security and Privacy"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"15961","DOI":"10.1109\/ACCESS.2021.3053130","article-title":"GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps","volume":"9","author":"Caiza","year":"2021","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Daud\u00e9n-Esmel, C., Castell\u00e0-Roca, J., Viejo, A., and Domingo-Ferrer, J. (2021, January 8\u201310). Lightweight Blockchain-based Platform for GDPR-Compliant Personal Data Management. Proceedings of the 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), Zhuhai, China.","DOI":"10.1109\/CSP51677.2021.9357602"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Daoudagh, S., Marchetti, E., Savarino, V., Bernardo, R.D., and Alessi, M. (2021, April 10). How to Improve the GDPR Compliance through Consent Management and Access Control. Available online: https:\/\/www.scitepress.org\/Papers\/2021\/102602\/102602.pdf.","DOI":"10.5220\/0010260205340541"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Diamantopoulou, V., Androutsopoulou, A., Gritzalis, S., and Charalabidis, Y. (2020). Preserving Digital Privacy in e-Participation Environments: Towards GDPR Compliance. Information, 11.","DOI":"10.3390\/info11020117"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Carauta Ribeiro, R., and Dias Canedo, E. (2020, January 17\u201319). Using MCDA for Selecting Criteria of LGPD Compliant Personal Data Security. Proceedings of the The 21st Annual International Conference on Digital Government Research, dg.o \u201920, Seoul, Korea.","DOI":"10.1145\/3396956.3398252"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Carvalho, A.P., Canedo, E.D., Carvalho, F.P., and Carvalho, P.H.P. (2020, January 5\u20137). Anonymisation and Compliance to Protection Data: Impacts and Challenges into Big Data. Proceedings of the ICEIS (1), SCITEPRESS, Prague, Czech Republic.","DOI":"10.5220\/0009411100310041"},{"key":"ref_22","unstructured":"Regulation, G.D.P. (2021, March 08). EU Data Protection Rules. 2018. Available online: https:\/\/ec.europa.eu\/commission\/priorities\/justice-and-fundamental-rights\/data-protection\/2018-reform-eu-data-protection-rules_en."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Potiguara Carvalho, A., Potiguara Carvalho, F., Dias Canedo, E., and Potiguara Carvalho, P.H. (2020, January 18\u201321). Big Data, Anonymisation and Governance to Personal Data Protection. Proceedings of the dg.o \u201920: The 21st Annual International Conference on Digital Government Research, Aguascalientes, Mexico.","DOI":"10.1145\/3396956.3398253"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Oliveira, N.S.d. (2019). Seguran\u00e7a da Informa\u00e7\u00e3o para Internet das Coisas (IoT): Uma Abordagem sobre a Lei Geral de Prote\u00e7\u00e3o de Dados (LGPD). Rev. Eletronica De Inicia\u00e7\u00e3o Cient. Em Comput., 17, Available online: https:\/\/seer.ufrgs.br\/reic\/article\/view\/88790.","DOI":"10.5753\/reic.2019.1704"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Silva, J., Calegari, N., and Gomes, E. (2019, January 13\u201317). After Brazil\u2019s general data protection law: Authorization in decentralized web applications. Proceedings of the Companion, 2019 World Wide Web Conference, San Francisco, CA, USA.","DOI":"10.1145\/3308560.3316461"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Pattakou, A., Mavroeidi, A., Diamantopoulou, V., Kalloniatis, C., and Gritzalis, S. (2018, January 20). Towards the Design of Usable Privacy by Design Methodologies. Proceedings of the 2018 IEEE 5th International Workshop on Evolving Security Privacy Requirements Engineering (ESPRE), Banff, AB, Canada.","DOI":"10.1109\/ESPRE.2018.00007"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Carvalho, L.P., Oliveira, J., and Cappelli, C. (2020). Pesquisas em An\u00e1lise de Redes Sociais e LGPD, an\u00e1lises e recomenda\u00e7\u00f5es. Proceedings of the Anais do IX Brazilian Workshop on Social Network Analysis and Mining, SBC.","DOI":"10.5753\/brasnam.2020.11164"},{"key":"ref_28","unstructured":"Sabino, R. (2021, April 10). Gest\u00e3o da Seguran\u00e7a da Informa\u00e7\u00e3o Orientado a LGPD: Impactos da Implanta\u00e7\u00e3o das Normas LGPD nos Processos da ADM SISTEMAS LTDA. 2020. Available online: http:\/\/www.riuni.unisul.br\/handle\/12345\/9664."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"3626","DOI":"10.34140\/bjbv2n4-012","article-title":"Metodologia para mapeamento dos requisitos listados na LGPD (Lei Geral de Prote\u00e7\u00e3o de Dados do Brasil n\u00famero 13.709\/18) e sua adequa\u00e7\u00e3o perante a lei em uma institui\u00e7\u00e3o financeira-Um estudo de caso\/Methodology for mapping and adequacy of the requirements listed in LGPD (Brazil Data Protection General Law number 13 709\/18) in a financial institution-A case study","volume":"2","author":"Celidonio","year":"2020","journal-title":"Braz. J. Bus."},{"key":"ref_30","unstructured":"Alves, P.H.C., Frajhof, I.Z., Correia, F.A., de Souza, C.S., and Lopes, H. (2020). Second layer data governance for permissioned blockchains: The privacy management challenge. arXiv."},{"key":"ref_31","unstructured":"Morte, A.B., Meira, A., Costa, R., and Mariz, D. (2021, April 10). Uma An\u00e1lise Sobre o Uso de DLTs no Tratamento de Dados Pessoais: Ader\u00eancia aos Princ\u00edpios e Direitos elencados na LGPD. Available online: https:\/\/sol.sbc.org.br\/index.php\/wblockchain\/article\/view\/12435."},{"key":"ref_32","first-page":"36","article-title":"The Right to Data Protection versus \u201cSecurity\u201d: Contradictions of the Rights-discourse in the Brazilian General Personal Data Protection Act (LGPD)","volume":"15","year":"2020","journal-title":"Rev. Direitos Cult. Cult. Rights Rev."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/MC.2020.2997322","article-title":"The Economics of Cyberattacks on Brazil","volume":"53","author":"Kshetri","year":"2020","journal-title":"Computer"},{"key":"ref_34","first-page":"30","article-title":"GDPR Compliance in SMEs: There is much to be done","volume":"3","author":"Freitas","year":"2018","journal-title":"J. Inf. Syst. Eng. Manag."},{"key":"ref_35","unstructured":"Presthus, W., S\u00f8rum, H., and Andersen, L.R. (2018). GDPR Compliance in Norwegian Companies. Norsk konferanse for organisasjoners bruk at IT, Nokobit."},{"key":"ref_36","unstructured":"Li, Z.S., Werner, C., Ernst, N., and Damian, D. (2020). Gdpr compliance in the context of continuous integration. arXiv."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Lee, A., Carver, J.C., and Bosu, A. (2017, January 20\u201328). Understanding the impressions, motivations, and barriers of one time code contributors to FLOSS projects: A survey. Proceedings of the ICSE, Buenos Aires, Argentina.","DOI":"10.1109\/ICSE.2017.25"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/4\/168\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:47:48Z","timestamp":1760161668000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/4\/168"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,14]]},"references-count":37,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,4]]}},"alternative-id":["info12040168"],"URL":"https:\/\/doi.org\/10.3390\/info12040168","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2021,4,14]]}}}