IT Management and Governance for Personal Data Protection

*By Renan Ramos

It is well known that information technology is extremely important for the operations and processes of organizations. In an area full of terms, nomenclatures and acronyms, it is natural that employees, employees, professionals, students and even managers are often confused with all of them.

IT Governance and Management:

IT governance can be considered an extension of corporate governance and consists of a set of rules and administrative practices that are often confused within organizations. The emphasis is on the organization seeking improvement and control over the use of resources and information technology.

With governance, we can outline and use strategies for the technology sector, seeking to identify if something needs to be changed to obtain a more efficient result and financial return, in line with risk appetite and corporate strategy. In this way, governance is responsible for the direct and concise control of all information technology solutions and resources for the healthy development of the business.

IT management, in turn, is directly connected to controls, management of operational policies and activities to be carried out within organizations on a day-to-day basis. The concept of management can be classified as an administration process that needs to be aligned with the guidelines determined by governance.

Among the responsibilities of management we can mention the planning, construction, delivery and monitoring of processes and tasks as established by those responsible for the organization. Management is established as a control system, allowing a view of all activities carried out and developed within the organization.

Difference between Governance and IT Management

While management focuses on the daily use of tools in the business and in the organization's activities, governance aims to ensure that all the company's necessary technological resources, such as hardware and software, are aligned with the strategy for the business.

General Benefits of IT Governance

  • Monitoring compliance with norms and rules defined by the market;
  • Better targeting of IT processes;
  • Guarantee of strategic alignment;

General Benefits of IT Management

  • Improve the performance of results;
  • Facilitate the process of digital transformation;
  • Greater monitoring of processes, risks and controls;
  • Greater agility in identifying, classifying and solving gaps and failures;

Relationship between IT Management and Governance with Personal Data Protection

The General Data Protection Law (LGPD) in its chapter VII, section II, called “Good Practices and Governance”, provides in articles 50 and 51 that controllers and operators, within the scope of their competence, for the treatment of personal data, may formulate rules of good practice and governance. (i) through associations or (ii) individually by the controller or operator of personal data.

By having a Governance structure to formulate rules and a Management structure to monitor their compliance, organizations (whether controllers or operators of personal data) are able to ensure a correct management of the personal data that are processed in their operations, requirements of the Law and carry out data processing activities in line with its business strategy.


It is understood that, in general, it is necessary to invest and build an IT governance and management structure by organizations to support the process of adapting to the requirements of the General Data Protection Law and ensure the protection of personal data. of employees and customers who are treated in its operations.

— Renan Ramos is Identity Access Management and Information Security Analyst at [SAFEWAY]

How can we help?

THE SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services, the Cybersecurity Health Check whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, contemplating the pillars of Law SuitPeople and Technology.

through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, existing controls and new controls evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!