2025-07-17
2025-07-17
2025-06-03
https://repositorio.ifal.edu.br/handle/123456789/1070

The Brazilian General Data Protection Law (LGPD) presents significant challenges for healthcare institutions, especially regarding the handling of patients' sensitive data. This study investigates the compliance process of a large private hospital with the LGPD, focusing on information systems and information security practices to identify the main technical and organizational challenges encountered. The research adopts the Goal-Question-Metric (GQM) model, which enabled a structured analysis based on defined objectives, investigative questions, and measurable metrics. The results reveal gaps in areas such as security infrastructure, access management, contract updates, and staff training, indicating weaknesses in data governance and the implementation of internal controls. Based on the evidence gathered through document analysis and validation with institutional professionals, this study proposes recommendations to enhance regulatory compliance and strengthen the protection of personal data in hospital environments.

pt
Attribution-ShareAlike 3.0 Brazil

Information Systems
General Data Protection Law (LGPD)
Information security
Data governance

An analysis of the organizational and technical challenges in adapting the operation of a private hospital to the General Data Protection Law
Undergraduate final project
EXACT AND EARTH SCIENCES::COMPUTER SCIENCE::COMPUTING METHODOLOGY AND TECHNIQUES::INFORMATION SYSTEMS