HighlightsPrivacy espresso seriesResourcesMay 9, 2024Unpacking the ANPD’s Security Incident Reporting Regulation

maxresdefault (2)

In this new #privacyespresso podcast episode, Luiza Sato, partner at TozziniFreire Advogados, PrivacyRules Brazilian law firm member, dives deep into the recently published Security Incident Reporting Regulation by the Brazilian Data Protection Authority (ANPD), which provides crucial guidelines for handling security incidents.

Key Highlights:

  Definition and Impact: The regulation now clearly defines an “information security incident” and outlines the specific cases that must be notified to both the ANPD and affected data subjects.

  Notification Requirements: Detailed guidance on what constitutes a significant effect on data subjects’ interests and rights, including specific categories of data such as sensitive personal data and financial data.

  Reporting Deadlines: The regulation sets a clear deadline of 3 business days for notifying both the ANPD and affected data subjects once a data breach impacting personal data is identified.

  Ongoing Obligations: New requirements for controllers include maintaining records of security incidents for at least five years and implementing internal policies and training to comply with the regulation.

What’s Next for Controllers? Luiza emphasizes the importance of compliance, reviewing internal policies, and conducting staff training to prepare for inevitable data breaches.

Tune in to gain expert insights and practical advice on navigating Brazil’s evolving data protection landscape. This episode is a must-listen for anyone involved in data privacy and cybersecurity, especially those operating in or with Brazil.

🎧 Listen now and stay ahead in the world of data protection:  https://bit.ly/4dyFwZ3