Data Strategy Briefing — February 23, 2024
Brazil’s data protection authority approved Resolution 15 on international data transfers, introducing standard contractual clauses and global transfer reporting duties.
Executive briefing: Brazil’s Autoridade Nacional de Proteção de Dados (ANPD) published Resolution CD/ANPD No. 15 on 23 February 2024, establishing standard contractual clauses (SCCs), global data transfer registry obligations, and adequacy criteria under the LGPD.
Key data governance checkpoints
- SCC adoption. Compare current contracts with the ANPD’s modular SCCs covering controller-to-controller, controller-to-processor, processor-to-controller, and processor-to-processor transfers.
- Transfer registry. Build inventories of international data flows, legal bases, and safeguards to populate the ANPD’s reporting portal.
- Risk assessments. Update transfer impact assessments to reflect the resolution’s evaluation criteria for third-country legislation, oversight, and redress.
Operational priorities
- Timeline management. Track the resolution’s 18-month adaptation period to remediate existing contracts and vendor agreements.
- Vendor diligence. Require processors to implement SCC appendices, security controls, and audit cooperation duties.
- Incident coordination. Ensure cross-border breach response plans align with LGPD notification obligations and the new transfer safeguards.
Enablement moves
- Localise training for Brazilian business units on the new SCC structure, registry submissions, and adequacy criteria.
- Integrate transfer registry data with privacy management platforms to automate reporting and renewal reminders.
Sources
Zeph Tech supports LGPD compliance programmes with SCC rollout, registry automation, and cross-border risk assessments.