Guide to best practices for privacy and personal data protection
Keywords:
General Data Protection Law (LGPD), Personal data governance, Information security, Public administration
Synopsis
This guide presents, in a clear and practical manner, ways to implement the General Data Protection Law (Law No. 13,709/2018) in public institutions, focusing on changes in routine and in the functioning of information systems. The content is the result of a survey and analysis of documents and practices of organizations that have already made successful progress in adapting to the LGPD, with validation in the context of Ibict.
Throughout the book, the reader will find an objective explanation of personal data governance, concepts that often generate doubt (privacy, personal data and its categories, such as sensitive, anonymized, and pseudonymized data), the fundamentals and principles of the LGPD, legal bases for processing, and operations distributed throughout the data lifecycle. There is also an overview focused on studies and research, aligned with ANPD guidelines, and a discussion on ownership, protection, and classification of information, in dialogue with related standards.
On the more practical side, the guide brings together everyday best practices to reduce risks and support compliance, with guidance on social engineering, information security, and operational precautions in common activities, such as email use, software installation, backups, protection against malicious code, internet browsing, password management, and mobile device use.
The text also addresses incidents, responsibilities, auditing, and continuous updating. It is intended for technical and administrative teams, managers, researchers, and professionals who deal with personal data and need a reliable, understandable, and replicable reference for applying the LGPD.
