Digital Policy Alert logo

Brazil: Implemented ANPD Security Incident Reporting Regulation (Resolution No. 15)

Policy overview

Description

Implemented ANPD Security Incident Reporting Regulation (Resolution No. 15)

On 26 April 2024, the National Data Protection Authority (ANPD)’s Security Incident Reporting Regulation (Resolution No. 15) entered into force. The regulation sets forth a framework for handling security incidents that have the potential to pose significant risks or cause harm to data subjects. Among its provisions, the regulation outlines specific criteria for reporting such incidents, establishes protocols for communication both to the ANPD and affected data subjects, and delineates procedures for thorough investigation, communication, and record-keeping. In particular, the regulation specifies that data controllers are required to notify the ANPD within 3 working days of security incidents.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2024-04-24
adopted

On 24 April 2024, the National Data Protection Authority (ANPD) of Brazil adopted the Security Inci…

2024-04-26
in force

On 26 April 2024, the National Data Protection Authority (ANPD)’s Security Incident Reporting Regul…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.