Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Brazil: Government releases operational guide for incident responses

The Government of Brazil released, on 5 October 2021, its Security Incident Response Guide, related to compliance with the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') for public bodies. In particular, the guide discusses compliance with the LGPD, and best practices for specification requirements regarding information security and privacy in acquiring information technology services. In addition, the guide outlines a process to be followed when there are cases of a security incident, which consists of considering, among other things: 

  • the security incident context related to personal data; 
  • simplified flowchart for notifications of security incidents involving personal data; 
  • when, how, and if a personal data protection impact report should be prepared; 
  • organisational structure for handling cyber incidents; 
  • incident response cycle; 
  • specific documentation; 
  • prioritisation and business impact; 
  • containment, eradication, and recovery security incident plans; and 
  • 35 recommendations for best practices to be followed. 

You can read the guide, only available in Portuguese, here.