Description

Opened consultation on draft Regulations for Reporting Security Incidents with Personal Data

On 2 May 2023, the National Data Protection Authority (ANPD) of Brazil opened a consultation, until 15 June 2023, on the draft Regulations for Reporting Security Incidents with Personal Data. The draft Regulations set out the standard reporting requirements for security incidents, as required by Art. 48 of the General Data Protection Law (LGPD). The draft Regulations require controllers to notify both the ANPD and the affected parties of security incidents where there is significant risk or damage in relation to personal data. The draft Regulations provide definitions of relevant incidents and set out the standard form of an incident report. Generally, an incident report must be made to both the ANPD and the affected parties within three working days of a controller becoming aware of the relevant incident. Finally, the draft Regulations contain record-keeping obligations for controllers and set out the procedures for the relevant supervisory and enforcement actions by the ANPD regarding security incidents.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-05-02
in consultation

On 2 May 2023, the National Data Protection Authority (ANPD) of Brazil opened a consultation, until…

2023-06-15
processing consultation

On 15 June 2023, the National Data Protection Authority (ANPD) of Brazil closed its consultation on…