Brazil
different rights regarding their personal data. Among these, individuals have the right to request that the controller correct any incomplete, inaccurate, or outdated personal data at any time upon their request. 5.4. Data protection and security practices and procedures The LGPD mandates that controllers and processors implement technical and administrative safeguards to protect personal data against unauthorized access, as well as against accidental or illegal destruction, loss, alteration, disclosure, or any other form of improper processing. Moreover, the Law encourages the development and implementation of best practices and governance frameworks by these entities. This encompasses addressing organizational conditions, operational protocols, internal procedures (including handling data subject requests), security policies, technical standards, specific responsibilities for those engaged in processing activities, educational initiatives, internal monitoring, and mechanisms for mitigating risks. In this context, the ANPD is empowered to define minimum technical standards for data security and confidentiality. Reflecting this, in 2021, the ANPD released the Information Security Guide for Small Processing Agents to outline a range of security measures tailored to small-scale agents.
5.5. Cross-border transfer of data Article 33 of the LGPD specifies the conditions under which international data transfer is permitted, including: (i) to entities in countries or international organizations that offer a level of personal data protection comparable to the LGPD; (ii) when the controller demonstrates adherence to LGPD principles and data subject rights through specific agreements or mechanisms like standard data protection clauses, corporate rules, or codes of conduct approved by the ANPD; (iii) for international legal cooperation among public intelligence or law enforcement agencies; (iv) to protect the life or physical safety of the data subject or others; (v) with authorization from the ANPD; (vi) under international cooperation agreements; (vii) for executing public policies or services; (viii) with explicit consent from the data subject, clearly informed about the transfer's international aspect; and (ix) to meet the requirements in items II, V, and VI of Article 7. Furthermore, the ANPD is developing a regulation to specifically address international data transfers, covering definitions, requirements, transfer methods, approval processes, and standard contractual clause models for such transfers
https://klalaw.com.br/en/home/
Made with FlippingBook - PDF hosting