What must be done in the event of a Personal Data Breach?

22/03/2021

What must be done in the event of a Personal Data Breach?

Companies should carry out an internal assessment on the nature, category and quantity of data subjects affected, the category and quantity of data affected, and concrete and probable consequences.
The internal assessment should be documented, including any measures taken and risk analysis, in order to comply with the principles of responsibility and accountability under the LGPD.

Notice of the incident must be given to:

(1) A supervisor at the office;

(2) The controller (if you are the operator, under the terms of the LGPD); and

(3)
The ANPD and data subject (in the case of risk or material damage to the data subject).

Companies should carry out an internal assessment on the nature, category and quantity of data subjects affected, the category and quantity of data affected, and concrete and probable consequences.
The internal assessment should be documented, including any measures taken and risk analysis, in order to comply with the principles of responsibility and accountability under the LGPD.

Notice of the incident must be given to:

(1) A supervisor at the office;

(2) The controller (if you are the operator, under the terms of the LGPD); and

(3)
The ANPD and data subject (in the case of risk or material damage to the data subject).











Sign up for our newsletter








    Back









    © Copyright 2020-2021 - Daniel Law. All rights reserved.