To support companies in preventing and managing incidents involving personal data, IAB Brazil launched the "Personal Data Security Incident Guide." The guide, which addresses the needs of various members, was developed by the Legal Affairs Working Group and also involved the participation and engagement of representatives from several companies. The material presents incident response guidelines, helping organizations comply with the General Data Protection Law (LGPD) requirements and strengthen their privacy governance.
In the face of increasing digitalization of businesses and the rise of information security challenges, the guide details best practices to prevent and mitigate risks. The document clarifies the role of data processing agents – controllers, operators, and processors – and provides guidance on classifying incidents according to impact and risk level.
The guide also explains the mandatory communication protocols, including notification to the National Data Protection Authority (ANPD) and the data subjects, in high-risk cases. IAB Brazil has developed a step-by-step guide for properly reporting incidents within three business days, as stipulated by current legislation.
“Information security is an essential pillar for building digital trust. We developed this guide with the aim of enabling companies and professionals to respond appropriately and efficiently in the event of security incidents, ensuring transparency and mitigating damages,” says Denise Porto Hruby, CEO of IAB Brazil.
Available for download on the IAB Brazil website, the material can be accessedhere.
