If I understood well, you're asking why ISO 27001 was not mentioned in the LGPD (Brazilian personal data protection law).
Typically, laws and regulations do not require particular standards to be implemented because they do not want to prescribe what the implementation needs to look like.
GDPR (European personal data protection regulation) is very similar to LGPD, and it also does not refer to ISO 27001. We have analyzed GDPR and found ISO 27001 to be very useful for its implementation; you can find the white paper here: What is EU GDPR and how can ISO 27001 help? https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
Jan 23, 2020