
Data protection and privacy: a model for evidence management

Abstract

The legislation and regulations related to data protection and privacy present the requirements that organizations, processes, products and environments need to meet to be considered secure. Among the recommended requirements, “Accountability” and “Privacy Compliance” stand out: they define that organizations must be responsible for, and able to demonstrate, compliance with current laws and regulations. In addition to the challenge of implementing such requirements, it is necessary to adopt systematized processes that prove how, and on what evidence, these requirements are validated. This article presents a model called COM.PRIVACY for managing data protection and privacy evidence in order to demonstrate diligence and compliance with good practice regulations. Design Science Research (DSR) was used as the research method for proposing the model. For its validation, COM.PRIVACY was applied in an organization, which made it possible to observe and identify improvements during its use, and a questionnaire was submitted to specialists to evaluate the model. It was concluded that the model supports the validation and proof of compliance with data protection and privacy requirements in all data processing operations, and that it can be adopted when adapting to and implementing regulations, when measuring and verifying compliance with them, and when promoting transparency in the processing of data toward the data holders.

Keywords:
data protection; data privacy; evidence management; information security

Universidade Federal do Rio Grande do Sul, Rua Ramiro Barcelos, 2705, sala 519, CEP: 90035-007, Phone: +55 (51) 3308-2141 - Porto Alegre - RS - Brazil
E-mail: emquestao@ufrgs.br