Description

Closed consultation on draft Regulations for Reporting Security Incidents with Personal Data

On 15 June 2023, the National Data Protection Authority (ANPD) of Brazil closed its consultation on the draft Regulations for Reporting Security Incidents with Personal Data. The draft Regulations set out the standard reporting requirements for security incidents, as required by Art.48 of the General Data Protection Law (LGPD). The draft Regulations require controllers to notify both the ANPD and the affected parties of security incidents where there is significant risk or damage in relation to personal data. The draft Regulations provide definitions of relevant incidents and set out the standard form of an incident report. Generally, an incident report must be made to both the ANPD and the affected parties within three working days of a controller becoming aware of the relevant incident. Finally, the draft Regulations contain record-keeping obligations for controllers and set out the procedures for the relevant supervisory and enforcement actions by the ANPD regarding security incidents. The consultation was initially intended to close on 31 May. Instead, the deadline for response was extended until 15 June 2023.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-05-02
in consultation

On 2 May 2023, the National Data Protection Authority (ANPD) of Brazil opened a consultation, until…

2023-06-15
processing consultation

On 15 June 2023, the National Data Protection Authority (ANPD) of Brazil closed its consultation on…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.