A select group formed by managers specialized in Information Security and Information Technology was gathered on the Monday evening of August 26, for the 1st edition of RNPSeg. The event, which was promoted in Brasília by the Centro de Atendimento a Incidentes de Segurança from the Rede Nacional de Ensino e Pesquisa (CAIS/RNP) [Center of Security Incident Service from the Brazilian Network of Teaching and Research], stimulated the audience to reflect on data protection based on the perspective of security specialists and area executives.
In Brazil, the discussed theme will be legally supported by the Lei Geral de Proteção de Dados (LGPD, Brazilian General Data Protection Regulation) – Law No. 13,709/2018, which was approved on August 14 of 2018 and was promulgated to protect people’s rights of freedom and privacy. However, the standard use will begin on August of 2020, thus teaching and research institutions of the entire country will need to restructure their governance and security processes.
The meeting was rules by digital law specialist, Walter Capanema, and at a first moment, he introduced the experience that has been developed by Santander Bank. During the occasion, Data Protection manager of the financial institution, Florence Terada, detailed the actions of the Chief Data Officer (CDO) from the company to implement the LGPD. Firstly, data treatment was mapped by all bank areas, therefore the CDO was aware of what each area does with data. After this mapping, the required alterations were made in the processes and the bank began implementing the standard that will come into force. “Interlocution between all company areas is urgent and needs to happen right away. Technology needs to be adapted. A cultural adaptation needs to be done,” stated Florence.
Then, Okan Kibaroglu shared his experience as the head of Governance of Imperial College London (ICL), a teaching institution that is among the five best ones in Europe and ten best in the world. According to Okan, data protection has always been an ICL priority, which had recently to review its policies to adapt itself to the General Data Protection Regulation (GDPR), the European Union privacy legislation that has been effective since May of 2018.
The RNP head of Engineering and Operations, Eduardo Grizendi, celebrated the event and reinforced that knowing experiences from other countries will allow the evolution of Brazil within data protection atmosphere. “Getting to know new experiences allows catching a glimpse of opportunities. Therefore, we from RNP have the challenge of reflecting how we will be able make our data safer and, indeed, without forgetting that we need to help teaching and research institutions that depend on our infrastructure. Well organized, this process will put our country again in another level regarding data protection,” assessed Grizendi.
However, in the manager of CAIS/RNP assessment, Edilson Lima, time will be one of the Network greatest obstacles this year. “We have to delineate guidelines for adjusting the RNP ecosystem to the LGPD with celerity and intelligence. There are only a few more than 350 days for the legislation to come into force and we need to work together with only one goal: to spread the relevance of data protection in Brazil,” he declared.
By the end of the event, the RNP presented strategies that will be developed to support the teaching, research and innovation community, as to the LGPD adequacy. The actions include awareness activities on the law benefits and offering of specialized consulting businesses.