© 2020 TrustArc Inc. Proprietary and Confidential Information.
The Brazilian LGPD is Here:
What You Need to Know
September 16, 2020
Speakers
● Paul Breitbarth, LL.M, Director, EU Policy & Strategy, TrustArc
● Christina Fratschko, HBA, MLIS, CIPP/US, Privacy Research Specialist, Privacy Intelligence, TrustArc
● Jucival Dos Santos, MBA, Managing Principal & Founder, Assent Trust
Agenda
● The current status of LGPD and its enforcement timeline
● Requirements for organizations doing business in Brazil including
accountability, legal bases, individual rights and International transfers
● How to prepare for compliance
© 2019 TrustArc Inc Proprietary and Confidential Information
The current status of LGPD and its enforcement timeline
Adoption of the LGPD
● 16 August 2020: Expected entry into force of LGPD; proposal to postpone to 3 May 2021, because of COVID-19
● 26 August 2020: Senate rejects 2021 postponement; publication of the ANPD Decree (regulator)
● Before 17 September 2020: President Bolsonaro confirms application of LGPD
● August 2021: LGPD penalties can be imposed
Requirements for organizations doing business in Brazil
Legal Bases
I. Consent
II. Compliance with a legal obligation
III. Public administration for public policies
IV. Research
V. Execution of a contract, or preliminary procedures for a contract
VI. Legal procedures
VII. Protection of life or physical safety
VIII. Protection of health [only for healthcare professionals]
IX. Legitimate interests
X. Protection of credit
Article 7 LGPD et seq.
Individual Rights
● Data ownership
● Confirmation of the existence of processing
● Access
● Correction
● Anonymization, blocking or deletion of unnecessary or excessive data
● Data portability
● Withdrawal of consent, followed by deletion
● Information about data sharing
Article 17 LGPD et seq.
International Transfers
● International data transfers: the transfer of personal data to a foreign country or to an
international entity of which the country is a member.
● Main Rule: data transfers only to adequate countries
○ Brazilian DPA will need to draft the list once up and running
○ Criteria: applicable data protection regime and the nature of the data; alignment of security
requirements with the LGPD; existence of judicial and institutional guarantees for
respecting the rights of personal data protection
● Alternative: transfers based on sufficient guarantees the data will be protected
○ standard contractual clauses or ad hoc agreements;
○ global corporate rules (like BCRs and CPBRs);
○ public interests;
○ consent; or
○ following approval by the DPA.
Chapter V LGPD
Data Breaches
● Security incidents that may lead to material risk or harm must be reported, in a
reasonable time period, to the national authority (to be the DPA), and affected data
subjects.
● The notification should include:
○ a description of the nature of personal data affected;
○ information about affected data subjects;
○ an indication of the technical and safety measures used to protect personal data;
○ risks related to the incident;
○ measures that will be adopted to reverse or mitigate the effects of the incident; and
○ reasons for any delayed notification.
● The DPA may require controllers to adopt measures such as:
○ wide dissemination of the incident to the media; and
○ measures to reverse or mitigate the effects of the incident.
Article 48 LGPD
Accountability Obligations
● One of the key principles of the LGPD
● Both controllers and processors will need to be able to demonstrate “the adoption of measures
which are efficient and capable of proving the compliance with the rules of personal data
protection, including the efficacy of such measures”
● Includes:
○ Appointment of DPO (subject to ANPD guidance)
○ Processing activities register
○ Impact and Risk Assessments (subject to ANPD guidance)
● Suggestion to develop a privacy compliance program
○ Demonstrating commitment to adopt internal processes and policies that ensure broad
compliance
○ Establishing adequate policies and safeguards based on a process of systematic
evaluation of the impacts on and risks to privacy
○ Integrate privacy governance into the general governance structure
○ Regular updates
Article 6(x) and 50 LGPD
The new Brazilian Data Protection Authority
Main characteristics of the ANPD
● The ANPD will be part of the Federal Administration and bound to the Executive Office of the
President
● Two main bodies of the ANPD are:
○ The Board of Directors:
■ This is the top executive body and is comprised of 5 members, including the Chairman, who has
normative, investigatory, and corrective powers
○ The National Data Protection and Privacy Council (aka the Advisory Board):
■ This is a consulting body, comprised of 21 members who are chosen among representatives of
different bodies of the administration, the Legislative Branch, the Judicial Branch, and entities
representing civil society organizations
● ANPD officials will be appointed based on a reappointment of the budget of the Ministry of the
Economy, and the President will have the authority to appoint the Board and Council Members
● Board Members will have a 4-year term; however, the terms of office of the first members of
the Board will be 2, 3, 4, 5, and 6 years
● Council members will have a 2-year term and reelection is permitted only once
● The Decree will come into force upon publication of the appointment of the Chairman of the
Board by the President
Powers of the ANPD
● ANPD Responsibilities Include:
○ Ensuring protection of personal data
○ Editing procedures of protection of personal data
○ Requesting information from controllers and processors, at any time, on
processing operations
○ Inspecting and applying sanctions for processing violations
○ Carrying out audits to determine compliance with the LGPD
○ Communicating any criminal offenses to competent authorities
○ Promoting cooperation actions with personal data protection authorities of
other countries
○ Ensuring processing of data on the elderly is carried out in a simple, clear,
accessible and appropriate way for their understanding
○ Imposing administrative sanctions
Powers of the Board of Directors of the Executive Board
● Requesting from Controllers:
○ An impact report on the protection of personal data when processing is based on legitimate interests
○ Supplementary information and carry out checks on processing operations, in the context of
approving international data transfers
● Authorizing International Data Transfers:
○ Including evaluating the adequacy of other countries' personal data protection
● Regulating:
○ Communication or shared use of sensitive personal data between controllers for economic
advantage
○ Access to personal databases by research bodies when carrying out public health studies
○ Ethical standards related to studies and research:
■ Including the use of anonymization or pseudonymization
○ Portability of personal data between service or product suppliers
○ Presentation format of data sent to data subjects upon their request:
■ i.e., that it is provided in a format that allows its subsequent use
○ Communication or shared use of personal data from legal entities under public law to legal entities
under private law
Powers of the Directing Council of the Executive Board
● Providing:
○ Standards and techniques used in anonymization processes
○ Forms of publicity for data processing operations carried out by legal entities governed by
public law
● Determining:
○ Cessation of processing when there is a violation of the LGPD
○ Performance of an audit to verify discriminatory aspects in automated processing of
personal data
○ Adoption of correction measures based on the severity of security incidents
○ Deadline to report a data breach
○ Methodologies that will guide the calculation of sanctions
Project of Legislative Decree 394/2020
● Key Aspects of the Proposal - More Autonomy for the ANPD:
○ The proposal seeks to suspend certain provisions from Decree No. 10,474 of August 26,
2020 which this deputy believes reduces the autonomy of the ANPD
○ Concerns include:
■ Overarching power by the President, as he appoints the Board of Directors, who in turn
appoint an Advisory Board off of a list of criteria established by the Board of Directors
■ Article 37 from Decree No. 10,474, which gives the ANPD power to appoint military help
when needed, however the military will only respond to the President and not the
ANPD
■ The presidency of the CNPD will be exercised by the Representative of the Civil House
of the Presidency
How to prepare for compliance?
Regulation Knowledge
[Figure: survey chart. Source: TrustArc Global Benchmarks Survey 2020]
Regulation Knowledge
[Figure: survey chart, "What is the overall impact of the following regulatory requirements on your business?" Source: TrustArc Global Benchmarks Survey 2020]
How to prepare for compliance?
1. Understanding your legal requirements under LGPD
○ Ongoing activity, due to yet-to-be-drafted ANPD guidelines
2. Assess your Brazilian data processing operations (+ create register)
○ Processing taking place in Brazil
○ Processing targeting the Brazilian market
○ Processing personal data from persons in Brazil
3. Document data transfers to and from Brazil
4. Update Individual Rights procedures to deal with LGPD requirements and
deadlines
5. Keep documentation of all implementation steps
Why TrustArc
The Combination of Automation, Intelligence and Dedicated Success Teams
● Complete Automation
● Embedded Deep Intelligence
● Dedicated to Success
This automated, single platform experience delivered through its unique combination of privacy frameworks, intelligence, knowledge and operations.
Only TrustArc can deliver the depth of privacy intelligence that’s essential to today’s ever-changing digital world combined with a fully-automated platform for end-to-end privacy management.
Our comprehensive onboarding with dedicated customer success teams can be augmented with privacy and compliance consulting expertise to build and grow successful privacy programs.
How TrustArc Helps: Data Privacy Management Platform
Deep Intelligence + Complete Automation
[Diagram of platform capabilities. Labels, in order of appearance:]
● Privacy Solutions: Regulatory Insights and Monitoring; Privacy Program Assessments; Risk Management; Frameworks and Planning; Consent Management; Privacy Rights Management; Breach Response; Audit and Assurance; Compliance Monitoring; Awareness and Training; Task Management and Action Plans; Reporting
● Data Capture; Applications; External APIs
● Knowledge Base; Data Inventory Hub; My Company Info; Tracker Scans
● Intelligence System (IoP); Libraries; TrustArc Privacy and Data Governance Accountability Framework; Law and Regulatory Standards Repository
● Intelligence Engines
TrustArc Resources
https://trustarc.com/lgpd-resources/
Q&A
Upcoming Webinars
● Cookie Consent Regulatory Updates: How to Maintain Compliance (September 30, 2020 @ 9:00 PST)
Past Webinars
● The Brazilian LGPD is Here: What You Need to Know (Free Download)
● How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requirements (Free Download)
Thank You!
See http://www.trustarc.com/insightseries for the 2020
Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with compliance,
please reach out to sales@trustarc.com for a free demo.

More Related Content

More from TrustArc

Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowTrustArc
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc
 
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc
 
Why Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartWhy Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartTrustArc
 
Data Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsData Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsTrustArc
 
TrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc
 
TrustArc Webinar: 2023 Privacy Roadmap
TrustArc Webinar: 2023 Privacy RoadmapTrustArc Webinar: 2023 Privacy Roadmap
TrustArc Webinar: 2023 Privacy RoadmapTrustArc
 
TrustArc Webinar: Data Privacy Trends 2023
TrustArc Webinar: Data Privacy Trends 2023TrustArc Webinar: Data Privacy Trends 2023
TrustArc Webinar: Data Privacy Trends 2023TrustArc
 
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondFuture-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondTrustArc
 

More from TrustArc (20)

Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
 
Why Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartWhy Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To Start
 
Data Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsData Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy Questions
 
TrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA Compliance
 
TrustArc Webinar: 2023 Privacy Roadmap
TrustArc Webinar: 2023 Privacy RoadmapTrustArc Webinar: 2023 Privacy Roadmap
TrustArc Webinar: 2023 Privacy Roadmap
 
TrustArc Webinar: Data Privacy Trends 2023
TrustArc Webinar: Data Privacy Trends 2023TrustArc Webinar: Data Privacy Trends 2023
TrustArc Webinar: Data Privacy Trends 2023
 
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondFuture-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

The Brazilian LGPD is Here: What You Need to Know

  • 1. © 2020 TrustArc Inc. Proprietary and Confidential Information. The Brazilian LGPD is Here: What You Need to Know September 16, 2020 1
  • 2. Speakers
      ● Paul Breitbarth, LL.M, Director, EU Policy & Strategy, TrustArc
      ● Christina Fratschko, HBA, MLIS, CIPP/US, Privacy Research Specialist, Privacy Intelligence, TrustArc
      ● Jucival Dos Santos, MBA, Managing Principal & Founder, Assent Trust
  • 3. Agenda
      ● The current status of LGPD and its enforcement timeline
      ● Requirements for organizations doing business in Brazil, including accountability, legal bases, individual rights and international transfers
      ● How to prepare for compliance
  • 4. The current status of LGPD and its enforcement timeline
  • 5. Adoption of the LGPD
      ● 16 August 2020: Expected entry into force of LGPD. Proposal to postpone to 3 May 2021, because of COVID-19
      ● 26 August 2020: Senate rejects 2021 postponement. Publication of the ANPD Decree (regulator)
      ● Before 17 September 2020: President Bolsonaro confirms application of LGPD
      ● August 2021: LGPD penalties can be imposed
  • 6. Requirements for organizations doing business in Brazil
  • 7. Legal Bases (Article 7 LGPD et seq.)
      I. Consent
      II. Compliance with a legal obligation
      III. Public administration for public policies
      IV. Research
      V. Execution of a contract, or preliminary procedures for a contract
      VI. Legal procedures
      VII. Protection of life or physical safety
      VIII. Protection of health [only for healthcare professionals]
      IX. Legitimate interests
      X. Protection of credit
  • 8. Individual Rights (Article 17 LGPD et seq.)
      ● Data ownership
      ● Confirmation of the existence of processing
      ● Access
      ● Correction
      ● Anonymization, blocking or deletion of unnecessary or excessive data
      ● Data portability
      ● Withdrawal of consent, followed by deletion
      ● Information about data sharing
  • 9. International Transfers (Chapter V LGPD)
      ● International data transfers: the transfer of personal data to a foreign country or to an international entity of which the country is a member.
      ● Main rule: data transfers only to adequate countries
          ○ Brazilian DPA will need to draft the list once up and running
          ○ Criteria: applicable data protection regime and the nature of the data; alignment of security requirements with the LGPD; existence of judicial and institutional guarantees for respecting the rights of personal data protection
      ● Alternative: transfers based on sufficient guarantees the data will be protected
          ○ standard contractual clauses or ad hoc agreements;
          ○ global corporate rules (like BCRs and CPBRs);
          ○ public interests;
          ○ consent; or
          ○ following approval by the DPA.
  • 10. Data Breaches (Article 48 LGPD)
      ● Security incidents that may lead to material risk or harm must be reported, in a reasonable time period, to the national authority (to be the DPA) and to affected data subjects.
      ● The notification should include:
          ○ a description of the nature of personal data affected;
          ○ information about affected data subjects;
          ○ an indication of the technical and safety measures used to protect personal data;
          ○ risks related to the incident;
          ○ measures that will be adopted to reverse or mitigate the effects of the incident; and
          ○ reasons for any delayed notification.
      ● The DPA may require controllers to adopt measures such as:
          ○ wide dissemination of the incident to the media; and
          ○ measures to reverse or mitigate the effects of the incident.
  • 11. Accountability Obligations (Article 6(x) and 50 LGPD)
      ● One of the key principles of the LGPD
      ● Both controllers and processors will need to be able to demonstrate “the adoption of measures which are efficient and capable of proving the compliance with the rules of personal data protection, including the efficacy of such measures”
      ● Includes:
          ○ Appointment of DPO (subject to ANPD guidance)
          ○ Processing activities register
          ○ Impact and Risk Assessments (subject to ANPD guidance)
      ● Suggestion to develop a privacy compliance program
          ○ Demonstrating commitment to adopt internal processes and policies that ensure broad compliance
          ○ Establishing adequate policies and safeguards based on a process of systematic evaluation of the impacts on and risks to privacy
          ○ Integrate privacy governance into the general governance structure
          ○ Regular updates
  • 12. The new Brazilian Data Protection Authority
  • 13. Main Characteristics of the ANPD 13
  • 14. Main characteristics of the ANPD
      ● The ANPD will be part of the Federal Administration and bound to the Executive Office of the President
      ● The two main bodies of the ANPD are:
          ○ The Board of Directors:
              ■ This is the top executive body and is comprised of 5 members, including the Chairman, who has normative, investigatory, and corrective powers
          ○ The National Data Protection and Privacy Council (aka the Advisory Board):
              ■ This is a consulting body, comprised of 21 members who are chosen among representatives of different bodies of the administration, the Legislative Branch, the Judicial Branch, and entities representing civil society organizations
      ● ANPD officials will be appointed based on a reappointment of the budget of the Ministry of the Economy, and the President will have the authority to appoint the Board and Council Members
      ● Board Members will have a 4-year term; however, the terms of office of the first members of the Board will be 2, 3, 4, 5, and 6 years
      ● Council members will have a 2-year term and reelection is permitted only once
      ● The Decree will come into force upon publication of the appointment of the Chairman of the Board by the President
  • 15. Powers of the ANPD
      ● ANPD responsibilities include:
          ○ Ensuring protection of personal data
          ○ Editing procedures of protection of personal data
          ○ Requesting information from controllers and processors, at any time, on processing operations
          ○ Inspecting and applying sanctions for processing violations
          ○ Carrying out audits to determine compliance with the LGPD
          ○ Communicating any criminal offenses to competent authorities
          ○ Promoting cooperation actions with personal data protection authorities of other countries
          ○ Ensuring processing of data on the elderly is carried out in a simple, clear, accessible and appropriate way for their understanding
          ○ Imposing administrative sanctions
  • 16. Powers of the Board of Directors of the Executive Board
      ● Requesting from controllers:
          ○ An impact report on the protection of personal data when processing is based on legitimate interests
          ○ Supplementary information and carry out checks on processing operations, in the context of approving international data transfers
      ● Authorizing international data transfers:
          ○ Including evaluating the adequacy of other countries' personal data protection
      ● Regulating:
          ○ Communication or shared use of sensitive personal data between controllers for economic advantage
          ○ Access to personal databases by research bodies when carrying out public health studies
          ○ Ethical standards related to studies and research:
              ■ Including the use of anonymization or pseudonymization
          ○ Portability of personal data between service or product suppliers
          ○ Presentation format of data sent to data subjects upon their request:
              ■ i.e., that it is provided in a format that allows its subsequent use
          ○ Communication or shared use of personal data from legal entities under public law to legal entities under private law
  • 17. Powers of the Directing Council of the Executive Board
      ● Providing:
          ○ Standards and techniques used in anonymization processes
          ○ Forms of publicity for data processing operations carried out by legal entities governed by public law
      ● Determining:
          ○ Cessation of processing when there is a violation of the LGPD
          ○ Performance of an audit to verify discriminatory aspects in automated processing of personal data
          ○ Adoption of correction measures based on the severity of security incidents
          ○ Deadline to report a data breach
          ○ Methodologies that will guide the calculation of sanctions
  • 18. Project of Legislative Decree 394/2020
      ● Key aspects of the proposal: more autonomy for the ANPD
          ○ The proposal seeks to suspend certain provisions from Decree No. 10,474 of August 26, 2020 which this deputy believes reduces the autonomy of the ANPD
          ○ Concerns include:
              ■ Overarching power by the President, as he appoints the Board of Directors, who in turn appoint an Advisory Board off of a list of criteria established by the Board of Directors
              ■ Article 37 from Decree No. 10,474, which gives the ANPD power to appoint military help when needed, however the military will only respond to the President and not the ANPD
              ■ The presidency of the CNPD will be exercised by the Representative of the Civil House of the Presidency
  • 19. How to prepare for compliance?
  • 21. Regulation Knowledge 21 Source: TrustArc Global Benchmarks Survey 2020 What is the overall impact of the following regulatory requirements on your business?
  • 22. How to prepare for compliance?
      1. Understand your legal requirements under LGPD
          ○ Ongoing activity, due to yet-to-be-drafted ANPD guidelines
      2. Assess your Brazilian data processing operations (+ create register)
          ○ Processing taking place in Brazil
          ○ Processing targeting the Brazilian market
          ○ Processing personal data from persons in Brazil
      3. Document data transfers to and from Brazil
      4. Update Individual Rights procedures to deal with LGPD requirements and deadlines
      5. Keep documentation of all implementation steps
  • 23. Why TrustArc: The Combination of Automation, Intelligence and Dedicated Success Teams
      ● This automated, single platform experience delivered through its unique combination of privacy frameworks, intelligence, knowledge and operations.
      ● Complete Automation; Embedded Deep Intelligence; Dedicated to Success
      ● Only TrustArc can deliver the depth of privacy intelligence that’s essential to today’s ever-changing digital world combined with a fully-automated platform for end-to-end privacy management.
      ● Our comprehensive onboarding with dedicated customer success teams can be augmented with privacy and compliance consulting expertise to build and grow successful privacy programs
  • 24. 24 Platform Capabilities PRIVACY SOLUTIONS Regulatory Insights and Monitoring Privacy Program Assessments Risk Management Frameworks and Planning Consent Management Privacy Rights Management Breach Response Audit and Assurance Compliance Monitoring Awareness and Training Task Management and Action Plans Reporting DataCapture Applications External API’s KNOWLEDGE BASE Data Inventory Hub My Company Info Tracker Scans Intelligence System(IoP) Libraries TrustArc Privacy and Data Governance Accountability Framework Law and Regulatory Standards Repository INTELLIGENCE ENGINES Deep Intelligence + Complete Automation How TrustArc Helps: Data Privacy Management Platform
  • 26. Q&A
  • 27. Upcoming Webinars 27 Past Webinars Cookie Consent Regulatory Updates: How to Maintain Compliance September 30, 2020 @ 9:00 PST The Brazilian LGPD is Here: What You Need to Know Free Download How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requirements Free Download
  • 28. Thank You! See http://www.trustarc.com/insightseries for the 2020 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.