Conference Agenda

The General Data Protection Law (LGPD), enacted in Brazil in 2018, has brought transformations in how public and private institutions handle personal data. In the context of the National Archives of Brazil, the implementation of the LGPD represents a significant challenge but also an opportunity to modernize records management practices, ensure citizen privacy, and align with international data protection standards.

The LGPD (Law No. 13,709/2018) was inspired by the European Union's General Data Protection Regulation (GDPR) and establishes guidelines for the processing of personal data, including collection, storage, processing, and sharing. For the National Archives, an institution responsible for the custody and preservation of a significant portion of Brazil's documentary heritage, the LGPD required a reflection on work processes related to document management, especially those containing sensitive personal data.

The implementation of the LGPD at the National Archives not only meets a legal obligation but also reinforces the institution's commitment to transparency, ethics, and the protection of citizens' rights. This paper presents an overview of this implementation, highlighting the technical, legal, and cultural challenges, as well as the solutions adopted.

In Brazil, the General Data Protection Law (LGPD) (Law No. 13,709/2018) was published in 2018 and came into effect in 2020. Since 2019, the National Archives of Brazil has been striving to comply with the new personal data protection legislation. Initially, an internal working group was created to establish criteria for consulting and serving the collections held by the institution, harmonizing with other existing legislation in the country, such as the Archives Law (Law No. 8,159/1991) and the Access to Information Law (Law No. 12,527/2011). This group prepared a technical note and made the document available internally and externally.

Subsequently, the National Archives Council drafted Conarq Resolution No. 54, dated December 8, 2023, which establishes guidelines and rules for the application of the LGPD to permanent archives held by individuals or legal entities of public or private law. As the Council's scope is national, this recommendation was not limited to the National Archives but extended to institutions that are part of the National Archives System (SINAR).

In 2022, an internal committee was created to develop the personal data processing policy at the National Archives, with the appointment of committee members and the designation of the Data Protection Officer (DPO) responsible for implementing the policy.

The aim of this paper is to list the challenges and opportunities for implementing the personal data policy at the institution, with deliverables for society such as the personal data inventory, privacy and use terms in databases, and the publication of the personal data policy, now under the scope of the Ministry of Management and Public Services Innovation, to which the National Archives of Brazil is subordinate.

The European University Institute (EUI) has enhanced information governance by enlarging the scope of its filing plan and records retention schedule. Since 2021, EUI’s records management strategy has integrated policy, technology, and staff training, addressing challenges from digital transformation and societal demands for transparency. These tools now include expanded elements, forming the basis of an information governance dashboard developed collaboratively with internal stakeholders.

The paper aims to share the European University Institute's (EUI) efforts to improve information governance as a means of strengthening institutional accountability and transparency. This is achieved by the application of two "refurbished" fundamental records management tools: the filing plan and the records retention schedule.

Despite being the seat of the Historical Archives of the European Union (HAEU), a proper vision on records management has only recently been introduced at the EUI. Since 2021, the institution has initiated a strategy for the management of its information assets, comprising three core components: policy, technology, and staff capacity building. Concurrently, a new paradigm has emerged, significantly influencing the manner in which organisations oversee their information assets, which are frequently dispersed across a multitude of systems for the storage, retrieval, dissemination, and analysis of information. This paradigm shift can be attributed to several factors, including the exponential growth of information in various forms, the digitisation of business processes, the emergence of a post-Covid work environment, and the ongoing global digital transformation. These developments have led to heightened societal demands for enhanced accountability, transparency, privacy, security, interoperability, and information sharing within and between organisations. This new paradigm underscores the imperative for organisations to adopt a comprehensive, strategic approach to the management of their information assets, representing a significant challenge for any institution.

In order to address the existing gap and take a unified approach in areas such as data protection, information technology and information security, the EUI has expanded the scope of two fundamental records management tools: the filing plan and, in particular, the records retention schedule. This initiative aims to furnish the EUI with a preliminary version of what will eventually become an information governance dashboard. This objective has been accomplished primarily through the integration of additional elements into these tools, as illustrated below:

(i) Filing Plan: Headings (Functions, Activities, Sub-activities), Record Series, Responsible Unit(s), Description, Arrangement Criteria, Document Types, Medium and Information Technology (As-is), Online Availability, Digital Version Storage.

(ii) Records Retention Schedule: The same elements of the Filing Plan, plus Trigger Action, Retention Period, Disposition Action, Information Security, Vital Records, Technology (To-be).

Following the identification of the elements, a collaborative process involving numerous internal stakeholders has resulted in the preliminary formulation of these tools, which serve as the foundation of information governance at the EUI.

Sharing his experience, the speaker illustrates an example of how document management, with its basic policy tools, can become a key element in the development of information governance in an institution.

This article examines Resolution Conarq No. 54/2023, which establishes guidelines for applying Brazil's General Data Protection Law (LGPD) to permanent archives. It explores intersections between the LGPD, the National Archives Law, and the Access to Information Law, focusing on ensuring personal data protection while maintaining access to Brazil's cultural and historical archival heritage.

The article analyzes Resolution Conarq No. 54/2023, a result of the National Archives Council's efforts to provide clear guidance for applying the LGPD to permanent archives managed by public or private entities. The study situates permanent archives as part of Brazil's cultural heritage, addressing intersections between the National Archives Law, the Access to Information Law (LAI), and the LGPD. Using a documentary research methodology, the article reviews relevant legislation and identifies challenges faced by archival institutions.

Key issues discussed include balancing the right to privacy with public access to information, ensuring compliance with laws regulating archival management, and addressing practical challenges, such as data breaches and privacy violations. The article also highlights the importance of aligning archival practices with LGPD principles, including the anonymization of sensitive personal data, and considers the implications for academic and historical research. The study concludes with an evaluation of the impact of Resolution No. 54/2023 on safeguarding Brazil's cultural heritage while upholding personal data rights.

La publicitat activa pot significar un augment de la quantitat d’informació pública disponible, però no la seva qualitat. Aquesta qualitat només la podrem aconseguir integrant el backoffice de la gestió documental en el disseny de les polítiques de transparència, dins una estratègia integral de govern obert.

Amb aquest objectiu, es presenta una nova versió del Model de Maduresa en Gestió Documental per a la Transparència i la Publicitat Activa, ja testejat en diverses administracions catalanes.

Des de l’entrada en vigor de la Llei de transparència, accés a la informació pública i bon govern s’ha anat estenent la consciència que només amb el treball coordinat dels diferents agents involucrats, inclòs per descomptat el servei d’arxiu, es podrà assolir una transparència real. Ara bé, ¿com avaluar el progrés adequat respecte a la consolidació d’un sistema de gestió documental robust, capaç de donar resposta a les obligacions tècniques i normatives en matèria de transparència i publicitat activa? ¿Com guiar al conjunt d’entitats subjectes a la llei, la major part de les quals no compta amb un servei propi d’arxiu, en el camí cap a la integració del backoffice i el frontoffice?

Per tal de respondre a aquestes necessitats, l’Associació de Professionals de l’Arxivística i la Gestió de Documents de Catalunya va presentar l’any 2016 la primera versió del Model de maduresa en gestió documental per a la transparència i la publicitat activa (MMGDT). Com a novetat de 2025, i després d’un exhaustiu treball de revisió i actualització, l’associació oferirà una nova versió totalment adaptada a la realitat arxivística, normativa i tecnològica actual, que també estarà disponible en castellà i anglès.

Objectius

El MMGDT pretén orientar les administracions i organitzacions subjectes a la Llei 19/2014 cap a un seguit de procediments i bones pràctiques, basades en estàndards tècnics i obligacions legals, que permetin assolir una acció de govern transparent de manera creïble, eficient i sostenible.

Tal com determinen la Llei de transparència i la Llei d’arxius, la gestió de documents és l’únic fonament tècnic possible per al correcte tractament de la informació pública. El MMGDT, doncs, avalua com el seguit de principis, tècniques i instruments de la gestió documental s’estan aplicant en matèria de transparència i publicitat activa en una organització determinada.

Tot i que s’adequa especialment al marc normatiu català, pot adaptar-se fàcilment a qualsevol altre context ja que, més enllà de les obligacions legals mínimes existents, se centra en els estàndards internacionals i les bones pràctiques.

Característiques bàsiques del model

El MMGDT s’ha dissenyat com a eina d’avaluació transversal de les organitzacions, però, en cap cas pretén ser un índex exclusiu. De fet, alguns dels indicadors es poden puntuar d’acord amb el resultat obtingut amb altres sistemes d’avaluació.

El MMGDT es fonamenta en quatre nivells de maduresa, que determinen el grau de perfeccionament de l’organització, tres línies d’actuació, segons els àmbits estratègic, operatiu i de suport, deu perspectives operatives, com la viabilitat organitzacional, el compromís de les parts interessades o la base legal, i gairebé 40 indicadors desenvolupats al detall en forma de fitxes. Es tracta d’un sistema complet que permet avaluar de manera transversal el grau de transparència de les administracions i organitzacions a través de la gestió documental en el seu backoffice.