In the context of privacy laws and digital globalization, understanding of data regulation compliance and cross-jurisdictional challenges remains limited. To avoid administrative sanctions and protect user data, organizations and developers must bridge these gaps, navigating laws such as the General Data Protection Regulation (GDPR), the American Data Privacy and Protection Act (ADPPA), the General Data Protection Law (LGPD), and the Australian Privacy Act. This study focuses on creating a comprehensive compliance tool by investigating the similarities and nuances of these laws, as well as the challenges developers and organizations face in implementing Privacy by Design principles and ISO/IEC 29100 standards. Through a Systematic Literature Review (SLR), points of convergence and divergence among privacy laws and frameworks were identified, as well as the challenges of implementing these laws in software. A survey was used to validate the challenges found in the SLR in the Brazilian context; most participants demonstrated a lack of knowledge regarding the LGPD. Lastly, we applied Framework Analysis to code and index key legislation points, allowing us to correlate them and develop a compliance-assistance tool. The contributions include a deeper understanding of privacy implications in a global context and their practical challenges, as well as practical guidance that translates legal requirements into actions. Some limitations of this study lie in the interaction between selection and treatment in the survey, as participants' responses do not necessarily generalize to the challenges faced by all developers and organizations. In general, the contributions offer valuable theoretical and practical insights in the field of data privacy.
Rocha et al. studied this question.