Components of the Preliminary Conceptual Model for Process Capability in LGPD (Brazilian Data Protection Regulation) Context

Abstract

A capability model describes the complete set of features that an organization requires to execute its business model or fulfill its mission; the user’s environment must be increasingly included in the design and development of necessary and desired solutions. For this, the development of the model and its application are central issues. An account should be taken of legislation involving the protection of individuals’ personal data in any relationship involving the processing of information classified as personal data; as well as its impact on public and private companies across the country, considering any size and market segment, and taking into account the need to comply with legal requirements efficiently and sustainably, mitigating risk factors. Transdisciplinarity characterizes this research, as the digital transformation process integrates legal, technological aspects, risks, business analysis, good practices and standards of information technology management and digital compliance. This paper addresses this problem by analyzing the main areas of contribution to the assessment of process capability for digital transformation concerning cybersecurity in the context of personal data protection legislation. Finally, the main components of the future capability model are presented.