EDPOFFICER: OPTIMIZING PERSONAL DATA REQUEST MANAGEMENT AND ENHANCING THE DPO'S WORK WITH AN INTELLIGENT SYSTEM
TRIZ; Technological Business; Expert Systems; Data Protection; Innovation; Market Perspectives; Opportunities.
The General Data Protection Law (LGPD) establishes principles and technical controls for the security and privacy of personal data, ensuring the protection of citizens' fundamental rights. The right to informational self-determination grants data owners full awareness and control over how their data is used. The LGPD requires organizations to have a Data Protection Officer (DPO), who acts as the point of contact between the organization and data subjects, responsible for addressing data subject requests, ensuring transparency and efficiency in the processing of personal data. Failure to comply can result in harmful consequences for organizations, ranging from administrative fines and legal convictions to loss of credibility in the market. The problem at hand, which involves a reduced number of personnel, repetitive and error-prone processes, hampering compliance with legal deadlines in DPO analyses, has motivated the exploration of the possibility of an innovative system, presented in this dissertation along with potential solutions, using the TRIZ methodology. A market analysis is conducted, mapping data protection inventions in the Industry 4.0 and identifying key players, as well as researching investments in data security and privacy, demonstrating business opportunities. Finally, specifications for the requirements of an envisioned expert system prototype are presented, already registered with the INPI as edpOfficer, defining how information will be identified and processed in terms of software specification, aiming to optimize the management of data subject requests by the DPO, including a semantic analyzer in the user interface. This approach highlights the challenge of obtaining accurate and reliable information to support decision-making with minimal human intervention and the importance of providing the DPO with mechanisms to analyze and direct information to data subjects according to their needs, faster and without compromising quality.