Extending an LGPD Compliance Inspection Checklist to Assess IoT Solutions: An Initial Proposal

Abstract

Society has become more dependent on technology, so investments in information security have become essential. In Brazil, the General Data Protection Law (Lei Geral de Protecão dos Dados LGPD) legislates information security management. This work aims to propose an instrument to evaluate the adequacy of IoT solutions regarding the LGPD. The proposal evaluation took place in a private institution linked to industrial innovation. The proposed mechanism can assist professionals in verifying the LGPD adequacy in IoT projects. The study identified LGPD compliance defects in an IoT solution deployed in several industries all over the 23 Brazilian states. However, the results cannot be generalized since we only evaluated it in a single company and one software solution. Replications are needed to identify whether these results apply to other companies and solutions.