top of page

How to meet LGPD requirements with
modern Data Governance capabilities

By Max Rabello Madsen - Expert Team Leader at MD2 Consultoria e Negócios - 26/04/2019

The arrival of LGPD (General Law on Personal Data Protection - Law 13.709/2018) imposes a significant cultural change in companies. And the term "general" has just this sense, it applies to any organization. The LGPD establishes strict standards of data governance and incident management that may represent some kind of risk in the leak of the holder's information, regulates the rules of control and use of this data, and may incur severe fines in case of non-compliance.

But the reality of Brazilian companies is very far from maturity in Data Governance, which are mostly composed of a computer park full of dispersed and little-known systems, sustaining processes with little documentation and practically no level of risk control. The Challenge is aggravated by the technological revolution of the digital age, which in the opposite direction continues investing in new initiatives such as modern Big Data platforms or cloud computing systems.

The big challenge lies in the following dilemma: How could companies that have a large collection of poorly documented legacy systems investigate, catalog, classify, manage and monitor all their information systems in a short period of time and create a single view of the holders of this data to meet the requirements of the law?


Fortunately, large technology companies like IBM are also investing heavily in enhancing their governance tools and MD2 with extensive experience in information management projects helps with insight into the context of our clients to take advantage of IBM technology. In this context, the unified data governance platform called IBM InfoSphere Information Server is an excellent example of how the enterprise can quickly enhance its ability to know and control its data assets. I will detail three components of this suite that can effectively help the enterprise unravel these systems and databases. In addition to creating a complete and contextualized inventory over this entire ecosystem in a quick and automated manner, this toolset enforces a set of information security policies and data protection rules that effectively ensures regulatory compliance. In addition, you can create an enterprise platform for greater collaboration among users and better knowledge of your customers, suppliers and employees.

IBM InfoSphere Metadata Asses Manager (IMAM): responsible for tracking and cataloging all existing databases in the company, monitoring and versioning future structural changes;
IBM InfoSphere Information Analyzer (IA): responsible for investigating data quality and automated classification of the type of information stored;
IBM InfoSphere Governance Catalog (IGC): responsible for structuring the governance policies defined by the organization, including a wide set of data rules and a glossary of categories and terms that unifies the corporate vocabulary the directives established by the company;

Implementation must proceed on two parallel fronts:

The first is a top-down approach, which structures the data governance area by capturing and formalizing corporate directives. MD2 can provide IBM IGC populated with a complete set of data governance policies, including information security and data privacy rules. This structure greatly accelerates the implementation of the governance program, as it is only up to the client to confirm what does or does not apply to their scenario.


The second work front follows the bottom-up model, investigating existing systems, uncovering information silos, and populating the platform's central metadata repository with IMAM, thus creating a complete inventory of enterprise systems and their data structures.


For each entity cataloged, the IA investigates the quality of the stored data, identifying registration vices and classifying the information found in a fully automated manner.

As a result of these two work fronts, your company may have, in a short period of time, the following results:

  • Structuring of the Data Governance Program with Policies, Rules and Glossary;

  • Complete Inventory of Corporate Systems and their Data Structures;

  • Data Quality Analysis and Classification of Existing Information;


Thus, even for companies with low maturity in data governance and virtually no knowledge of existing information systems, can master the environment and create a collaborative platform containing mechanisms for control and management of available information.

Taking advantage of our twenty years of experience in the national market with complex information management projects, MD2 developed the MD2 LGPD Suite solution, which encompasses all IBM components mentioned in this article and embeds a robust master data management (MDM) component, in addition to a complete platform for improvement management, process quality and incident handling (MD2 Quality Manager).

bottom of page