--- title: "What should teams do about Incident Reporting To ANPD under the Brazil LGPD?" canonical_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/faq/incident-reporting-to-anpd" source_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/faq/incident-reporting-to-anpd" author: "Sorena AI" description: "Brazil LGPD guidance for Incident Reporting To ANPD, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "Brazil LGPD" - "Incident Reporting To ANPD" - "Brazil LGPD Incident Reporting To ANPD" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # What should teams do about Incident Reporting To ANPD under the Brazil LGPD? Brazil LGPD guidance for Incident Reporting To ANPD, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *Brazil* *Incident Reporting To ANPD* ## Brazil LGPD Incident Reporting To ANPD Incident Reporting To ANPD decisions under the Brazil LGPD should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed. Use this section to define scope, owner, evidence inputs, and the review outcome before execution. Brazil LGPD incident reporting means deciding whether a security incident must be communicated to the ANPD and, when it does, documenting the trigger, owner, evidence, and timing in plain operational language. ## What should teams do about Incident Reporting To ANPD under the Brazil LGPD? Teams should treat Incident Reporting To ANPD under the Brazil LGPD as a source-linked operating decision: confirm whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger. Under article 48 of the LGPD, the controller must notify the ANPD and the data subject about a security incident that may cause relevant risk or harm to the data subjects. The LGPD also says the communication must be made in a reasonable time, and ANPD rules define the detailed procedure. The safest first step is to identify the controller/operator role, purpose, lawful basis, data category, data-subject right, transfer, or incident trigger before assigning the LGPD action. - Write the Incident Reporting To ANPD decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [ANPD - Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD's incident communication page supports the FAQ's reporting workflow by identifying controller responsibility, SEI filing, reportable incident criteria, and the three-business-day communication period. - [Resolução CD/ANPD nº 15, de 24 de abril de 2024](https://dspace.mj.gov.br/bitstream/1/12879/2/RES_ANPD_2024_15.html?ref=sorena.io) - The incident-communication regulation is the primary rule for when and how controllers communicate security incidents to ANPD and affected data subjects. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/ANPD-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Direct support for the FAQ answer on Incident Reporting To ANPD. ## What evidence should teams keep for Incident Reporting To ANPD under the Brazil LGPD? Useful evidence is not just a privacy notice. Keep the source, role map, lawful-basis note, rights log, transfer analysis, incident assessment, DPO review, and approval trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [ANPD - Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - Evidence support for the FAQ answer because ANPD states that incident communication must be filed by the DPO or legal representative through SEI. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Evidence support for the FAQ answer. - [LEI Nº 13.709, DE 14 DE AGOSTO DE 2018](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm?ref=sorena.io) - Evidence support for the FAQ answer because LGPD Article 48 requires controllers to communicate security incidents that may create relevant risk or harm to data subjects. ## Which mistakes create risk when handling Incident Reporting To ANPD under the Brazil LGPD? The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [ANPD - Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - Risk and boundary support for the FAQ answer because ANPD lists the cumulative criteria for incidents that must be communicated. - [Resolução CD/ANPD nº 15, de 24 de abril de 2024](https://dspace.mj.gov.br/bitstream/1/12879/2/RES_ANPD_2024_15.html?ref=sorena.io) - Risk and boundary support for the FAQ answer because the regulation defines the communication process and ANPD follow-up for relevant-risk incidents. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [LEI Nº 13.709, DE 14 DE AGOSTO DE 2018](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm?ref=sorena.io) - Risk and boundary support for the FAQ answer because LGPD Article 48 frames incident reporting around risk or relevant harm to data subjects. ## Primary sources - [ANPD - Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD source for triaging whether an event is a reportable security incident involving personal data and relevant risk or harm. - Quote: "Somente os controladores sujeitos à Lei Geral de Proteção de Dados têm obrigação de comunicar" - [Resolução CD/ANPD nº 15, de 24 de abril de 2024](https://dspace.mj.gov.br/bitstream/1/12879/2/RES_ANPD_2024_15.html?ref=sorena.io) - Primary regulation supporting when controllers must communicate security incidents to ANPD and affected data subjects. - Quote: "comunicação, à ANPD e ao titular, da ocorrência de incidente de segurança" - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Supports Incident Reporting To ANPD under the Brazil LGPD. - Quote: "Esta Resolução CD/ANPD nº 4, de 24 de fevereiro de 2023, trata da aplicação de sanções administrativas e" - [LEI Nº 13.709, DE 14 DE AGOSTO DE 2018](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm?ref=sorena.io) - Current LGPD source for the controller duty to notify security incidents that may create relevant risk or harm to data subjects. - Quote: "incidente de segurança que possa acarretar risco ou dano relevante aos titulares" ## Topic Guides - [Brazil LGPD Anpd Enforcement And Fines Guide](/artifacts/latam/brazil-lgpd/anpd-enforcement-and-fines.md): Brazil LGPD guidance for Anpd Enforcement And Fines, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Applicability Test Guide](/artifacts/latam/brazil-lgpd/applicability-test.md): Practical guidance for the Brazil LGPD applicability test, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Breach Notification Guide](/artifacts/latam/brazil-lgpd/breach-notification.md): Brazil LGPD guidance for Breach Notification, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Checklist](/artifacts/latam/brazil-lgpd/checklist.md): Practical guidance for the Brazil LGPD checklist, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Compliance Guide](/artifacts/latam/brazil-lgpd/compliance.md): Practical guidance for the Brazil LGPD compliance, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Controller Operator And DPO Roles Guide](/artifacts/latam/brazil-lgpd/controller-operator-and-dpo-roles.md): Brazil LGPD guidance for Controller Operator And DPO Roles, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Data Subject Rights Guide](/artifacts/latam/brazil-lgpd/data-subject-rights.md): Brazil LGPD guidance for Data Subject Rights, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Deadlines and Compliance Calendar Guide](/artifacts/latam/brazil-lgpd/deadlines-and-compliance-calendar.md): Brazil LGPD guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD DSAR Response Template Guide](/artifacts/latam/brazil-lgpd/lgpd-dsar-response-template.md): Brazil LGPD guidance for LGPD DSAR Response Template, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD DSAR Workflow Guide](/artifacts/latam/brazil-lgpd/dsar-workflow.md): Brazil LGPD guidance for DSAR Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Incident Reporting To Anpd Guide](/artifacts/latam/brazil-lgpd/incident-reporting-to-anpd.md): Brazil LGPD guidance for Incident Reporting To Anpd, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Incident Workflow Guide](/artifacts/latam/brazil-lgpd/incident-workflow.md): Brazil LGPD guidance for Incident Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD International Transfer Mechanisms Guide](/artifacts/latam/brazil-lgpd/international-transfer-mechanisms.md): Brazil LGPD guidance for International Transfer Mechanisms, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD International Transfers Guide](/artifacts/latam/brazil-lgpd/international-transfers.md): Brazil LGPD guidance for International Transfers, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Lawful Bases Guide](/artifacts/latam/brazil-lgpd/lawful-bases.md): Brazil LGPD guidance for Lawful Bases, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Legal Bases And Legitimate Interest Balancing Guide](/artifacts/latam/brazil-lgpd/legal-bases-and-legitimate-interest-balancing.md): Brazil LGPD guidance for Legal Bases And Legitimate Interest Balancing, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD penalties and fines Guide](/artifacts/latam/brazil-lgpd/penalties-and-fines.md): Brazil LGPD guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Privacy Law FAQ](/artifacts/latam/brazil-lgpd/faq.md): Practical guidance for the Brazil LGPD FAQ, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Requirements Guide](/artifacts/latam/brazil-lgpd/requirements.md): Practical guidance for the Brazil LGPD requirements, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Ripd And DPIA Evidence Guide](/artifacts/latam/brazil-lgpd/ripd-and-dpia-evidence.md): Brazil LGPD guidance for Ripd And DPIA Evidence, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Ripd Workflow Guide](/artifacts/latam/brazil-lgpd/ripd-workflow.md): Brazil LGPD guidance for Ripd Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Small Processing Agents Guide](/artifacts/latam/brazil-lgpd/small-processing-agents.md): Brazil LGPD guidance for Small Processing Agents, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Templates Guide](/artifacts/latam/brazil-lgpd/templates.md): Practical guidance for the Brazil LGPD templates, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Transfer Workflow Guide](/artifacts/latam/brazil-lgpd/transfer-workflow.md): Brazil LGPD guidance for Transfer Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD vs CCPA Guide](/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa.md): Brazil LGPD guidance for LGPD vs CCPA, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD vs GDPR Guide](/artifacts/latam/brazil-lgpd/lgpd-vs-gdpr.md): Brazil LGPD guidance for LGPD vs GDPR, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Children's Data under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/children-s-data.md): Brazil LGPD guidance for Children's Data, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Controller Operator And DPO Roles under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/controller-operator-and-dpo-roles.md): Brazil LGPD guidance for Controller Operator And DPO Roles, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Cookies under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/cookies.md): Brazil LGPD guidance for Cookies, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about International Transfer Mechanisms under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/international-transfer-mechanisms.md): Brazil LGPD guidance for International Transfer Mechanisms, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Legal Bases under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/legal-bases.md): Brazil LGPD guidance for Legal Bases, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Legitimate Interest Balancing under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/legitimate-interest-balancing.md): Brazil LGPD guidance for Legitimate Interest Balancing, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Ripd And DPIA under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/ripd-and-dpia.md): Brazil LGPD guidance for Ripd And DPIA, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sanctions Methodology under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/sanctions-methodology.md): Brazil LGPD guidance for Sanctions Methodology, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Small Processing Agents under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/small-processing-agents.md): Brazil LGPD guidance for Small Processing Agents, with practical decisions, evidence, edge cases, and external source citations. *Recommended next step* *Placement: after the practical guidance* ## Turn Brazil LGPD Incident Reporting To ANPD into assigned work This artifact page provides practical inputs, owner roles, required outputs, and evidence checkpoints for incident reporting to anpd. - [Open Assessment Autopilot for Brazil LGPD](/solutions/assessment.md): Turn Incident Reporting To ANPD into scoped questions, evidence fields, and review tasks. - [Review Brazil LGPD source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with operational practice. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/latam/brazil-lgpd/faq/incident-reporting-to-anpd