The above measures by the ANPD provide much needed guidance for companies dealing with Personal Data Breach under the LGPD.
While a clearer position through regulation is awaited, we recommend maintaining a cautious approach in respect of such incidents and to report cases even where there is a doubt regarding the risk and damages involved. A misclassification of such risk may be considered as non-compliance under the law.
Finally, the authority’s call for a public consultation process is an important step towards producing clear regulatory standards in the area. In this sense, please let us know if you would like to participate or be represented in the public consultation process which is open till March 24th, 2021.