Brazil Delays their GDPR Six Months due to ANDP Implementation

Robert BuheckerCybersecurity and VulnerabilitiesLeave a Comment

Brazil Implements lgpd

Brazil Plans To Implement GDPR Regulations

In July 2018, Brazil followed in the footsteps of the European Union’s (EU) General Data Protection Regulations, or GDPR for short. The scope of both laws includes various sectors of the economy. In a nutshell, regardless if a company is public or private, it is held accountable for mismanagement of customer data. Recently, however, Brazil decided to add a data supervisory authority called the National Data Protection Authority (ANPD). With ANPD, it will delay the implementation of the General Data Protection Law or LGPD six months. Originally, LGPD was planned for February 2020, however, the ANPD will move the date to August 2020.

The addition of ANPD fills a hole in the LGPD system with a multitiered committee dedicated to rulemaking, education, and enforcement of LGPD. The prior Brazilian president, Michel Temer, created the agency on Dec. 28, only days before the new president took over.

Breaking Down the ANPD

It’s no surprise that a majority of governments are pushing for increased regulations and consequences related to Within the last year, cyber attacks have affected nearly one billion people. The ANPD is not a new rule or a new regulation, but the entity that oversees and monitors the LGPD.
data breaches

When can organizations expect to be subjected to the LGPD? Not until ANPD is fully implemented. The ANPD will help clarify and explain various details of the LGPD law. The details the committee will define are:

  • Rulemaking and interpretive guidance
  • Investigation and enforcement – The ANPD can issue penalties.
  • The ANPD will educate and steer data policy in Brazil.

The ANPD committee will be comprised of several parts. First, the multitiered structure will be comprised of commissioners that will serve two, three, four, five, and six-year terms. The commissioners will be decided by the current Brazilian president. To make ANPD well rounded, it will include commissioners from 11 different sectors of the Brazilian government. Additionally, the ANPD will have an internal legal advisory board and specialized administrative employees.

Similar to GDPR, which protects personal data in European countries, the LGPD plans to keep data of Brazillian citizens safe. Even though there is a six-month delay, businesses and entities should start examining and testing their data management procedures. Brazil is the first country in Latin America to implement such digital laws, but it seems more countries will soon follow.

The Differences Between GDPR and ANPD

The EU General Data Protection Regulation (GDPR) aims to protect people from privacy and data breaches. It applies to controllers and processors alike, whether they are in the EU or not. There are several additional security practices put in place with GDPR that were otherwise not mentioned in the previous data protection laws.

There are several ways the EU is trying to keep users safe from data brokers. Under GDPR, the terms of consent for people to allow controllers to use their data must have clear language for the user to understand. If a data breach takes place, the business or person who was breached must give notification within 72 hours of being aware. Subjects can receive the personal data concerning them and have the right to erase all of their data from controllers or third parties. Another important facet of the GDPR is that if you break any of the regulations set forth by the EU GDPR, you can be fined up to 4% of the annual global turnover.

The GDPR is a list of regulations for businesses and data brokers. These are rules that were created to protect data subjects. These are a sort of respected document that businesses and brokers alike should model their practices after. On the other hand, ANPD is an entity of people that will decide on data collection rules, rule enforcement, and how to educate the people on the new practices. Instead of a document, the data protection regulation will be decided by a governing body.

US Companies Call For Data Protection

In Nov. 2018, many United States-based companies that include Google, Microsoft, Facebook and more supported Emmanuel Macrons Paris Call for Trust in Cybersecurity. While the United States government was absent from the summit, private companies are supporting the missions to stand up to hackers and support cyber security.

United States companies were not the only companies to sign on to support the call for trust. More than 200 international businesses offered their support to the trust. Private companies seem to understand the importance of cyber security.

Tim Cook Asks Congress To Increase Privacy Regulations

Apple CEO, Tim Cook articulated why he believes there needs to be a push for data protection among technology users. At a privacy conference in Brussels, Belgium, Cook gave an enthusiastic speech urging the United States to enact more privacy regulations. He said that he believes that technology will not reach its full potential without the trust of the people who use it.

“We are optimistic about technology’s awesome potential for good,” said Cook. He continued by giving four principles he believes privacy regulators should enact in terms of managing data.

  • The right to have the amount of personal data minimized
  • Knowledge of what data is being collected and why
  • Ease of access and ability to delete personal data
  • The right to data security

Cook would like the Federal Trade Commission to establish a data-broker clearinghouse, requiring all data brokers to register. This way, consumers can track when their data was used and would have the power to delete their data on demand once and for all.

Apple Allows Users to Delete All of Their Data

To comply with GDPR, Apple announced in November that they would allow any Apple user to delete the information Apple has stored on them In true Apple fashion, they made the process to delete the information easy. All one needs to do is log into their iCloud account. Once logged into your account you can choose if you Apple to store information on you, turn off sharing information with Apple, and also delete the information Apple stores on you.

Not only can users delete the information Apple collected, but they can download the information, too. Depending on the information shared with Apple and the length, users might find that there are terabytes of data Apple collects. Hopefully, with their calls to Congress and the success of allowing users to delete their data that other companies will follow suit.

U.S Lawmakers Do See the Importance of Cyber Laws

Before the Marriott Hack that affected nearly 500 million people U.S Senator Ron Wyden proposed the Consumer Data Protection Act While the law has not been adopted yet, it shares similar consequences that GDPR and LGDP share. Wyden proposes that executives should face jail time if their computer networks and systems are thwarted by black hat hackers.

SecureDrives Aim to Put User in Control

Data breaches, hackers, and businesses physically removing their servers from any network connection at the end of the day are becoming the new norm. While data breaches and new regulation arise, there are solutions that anyone can do. First, it is important that businesses of all sizes are running regular security checks, updating their systems, and patching all and any software they use. Second, businesses and personal computer users alike need to educate themselves on end-to-end encryption and apps that support this feature.

If you’ve already implemented the features to increase the security of your business, but want to ensure that where you store important data is safe, then look no further than the SecureDrive product line.

SecureData has created the SecureDrive BT to put the power of data control in the hands of the users. SecureDrive BT is an encrypted hard drive that gives users the power to delete their information from wherever they happen to be. With remote management through a web portal, the user can choose to delete data from the drive by simply going into the data management app on their phone. They can choose who can have access to the information on the drive and what time access is granted. Users can even track any login attempts that were made on the drive and whether or not they were successful.

The power of data control is truly in the hands of the user through SecureDrive BT. Another drive SecureData created is the SecureDriveKP, a hard drive that uses a wear-resistant keypad to unlock access to data. After ten consecutive failed attempts, the data will automatically be destroyed, thus preventing your data from being leaked to someone you don’t want to have your information, like a data broker.

Contact Us Todayl

Are you the victim of a data breach or malware? If so, contact SecureForensics for a free phone consultation at 1-800-288-1407. We are skilled in data breach incident response, digital forensics, and malware removal from your devices.