Security Incident Response under the LGPD

The protection of business and personal data from unlawful processing has always been a major point of concern from an information security perspective. In the age of digital technology, this issue has become even more important for companies, especially because of the use of electronic systems in daily business life.

Data protection laws reflect this concern in order to protect fundamental rights and freedoms of natural persons. In practice, the occurrence of data breaches is inevitable, particularly in countries which are still developing a strong culture of privacy.

Common security incidents

• Ransomware;
• Cybersecurtiy attacks;
• Accidental transmission of data to a trusted third party;
• Lost or stolen devices and paper documents;
• Mispostal;
• etc. 

FIRST PRIVACY therefore supports companies operating in Brazil in developing procedures to prevent, detect and mitigate data security incidents.

Measures against data security incidents 

The development of a security incident response plan is a legal obligation, as companies must ensure the security of processing through the implementation of security, technical and administrative measures which are able to protect personal data from unauthorized accesses and accidental or unlawful situations of destruction, loss, alteration, communication or any type of improper or unlawful processing. 

Furthermore, we regularly advise clients on the assessment of whether security incidents result in relevant risks or damages to the data subjects. In case of security incidents which may create risk or relevant damage to the data subjects, we also assist companies who act as controllers with the communications to the Brazilian data protection authority (ANPD) and to the concerned data subjects.