How ABNT helps companies protect their data and privacy

Data protection is a hot topic in today’s digital world, especially with the increasing number of cyberattacks and data breaches that threaten the security and privacy of personal and corporate information. In Brazil, the issue became even more relevant with the enforcement of the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – LGPD), which requires companies to adopt measures to ensure the proper handling of data.

But how can companies in Brazil comply with the LGPD and other regulations while also implementing best practices to safeguard their data and privacy? One way is to follow the standards developed by the Brazilian Association of Technical Standards (Associação Brasileira de Normas Técnicas – ABNT), the national body for standardization, certification, and training.

ABNT has a wide range of standards related to information security, cybersecurity, and privacy protection, which are constantly updated to reflect the latest developments and challenges in the field. These standards are based on international benchmarks, such as the ISO/IEC 27000 series, and provide guidelines and recommendations for organizations to establish, implement, maintain, and improve their systems and processes for data protection.

Some of the recent standards published by ABNT include:

  • ABNT NBR ISO/IEC 38507: This standard provides guidance on the governance implications of the use of artificial intelligence (AI) by organizations, including ethical, legal, and social aspects, as well as risks and opportunities.
  • ABNT NBR ISO/IEC 27035-1 and 2: These standards specify the principles and processes for managing information security incidents, from preparation and detection to response and learning.
  • ABNT NBR ISO/IEC 27557: This standard applies the principles of risk management, as defined in ABNT NBR ISO 31000, to the organizational privacy context, and helps organizations identify, assess, treat, and monitor privacy risks.
  • ABNT NBR ISO/IEC 27555: This standard provides guidance on the removal of personal data from information and communication technology (ICT) systems, through methods such as deletion, anonymization, pseudonymization, and encryption.

In addition to developing standards, ABNT also offers certification and training services for companies and professionals who want to demonstrate their compliance and competence in data protection. ABNT has certified more than 400 products, systems, and services in various sectors, and has trained more than 120 professionals in information security and privacy management courses.