--- title: "Brazil LGPD Incident Reporting To Anpd Guide" canonical_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/incident-reporting-to-anpd" source_url: "https://www.sorena.io/artifacts/latam/brazil-lgpd/incident-reporting-to-anpd" author: "Sorena AI" description: "Brazil LGPD guidance for Incident Reporting To Anpd, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "Brazil LGPD" - "Incident Reporting To Anpd" - "Brazil LGPD Incident Reporting To Anpd" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Brazil LGPD Incident Reporting To Anpd Guide Brazil LGPD guidance for Incident Reporting To Anpd, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *Brazil* *Incident Reporting To Anpd* ## Brazil LGPD Incident Reporting To Anpd Incident Reporting To Anpd decisions under the Brazil LGPD should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed. Use this section to define scope, owner, evidence inputs, and the review outcome before execution. Use this page to decide when a security incident must be reported to the ANPD and affected data subjects, who should make the call, what evidence should be recorded, and how to document the response in plain operational terms. ## What should teams decide about Incident Reporting To Anpd under the Brazil LGPD? Start by deciding whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point. For incident reporting, the practical trigger is a confirmed security incident involving personal data that may cause risk or relevant damage to data subjects. Article 48 of the LGPD requires the controller to communicate the incident to the ANPD and to the holder, and ANPD guidance says not every incident qualifies; the report is for events such as unauthorized, accidental, or illicit access, destruction, loss, alteration, leakage, or other inadequate or illicit treatment that can create risk or relevant damage. If the incident qualifies, the report should also be sent within the deadline defined by the ANPD guidance source. Keep the LGPD source, role map, lawful basis analysis, data-subject-right record, transfer basis, incident assessment, and ANPD-facing evidence together. - Define the exact Incident Reporting To Anpd trigger and the business process it affects. - Record which role, product, system, customer group, or data flow is in scope. - Attach the source-linked rule, the owner, and the evidence field before approving the control. - Escalate uncertainty when the facts depend on thresholds, exemptions, cross-border activity, vulnerable users, or enforcement-sensitive wording. Sources for this answer: - [ANPD Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD incident guidance explains how Article 48 LGPD and Resolution 15/2024 apply to controller communications to ANPD and affected data subjects. - [ANPD Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/guia-vf.pdf?ref=sorena.io) - ANPD security guidance supports practical incident-prevention and response controls for small processing agents under the LGPD. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/ANPD-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Primary source support for the Incident Reporting To Anpd decision. ## Who should own Incident Reporting To Anpd, and what evidence should prove the decision? Ownership should sit with the team that controls the processing purpose, data-subject channel, vendor relationship, transfer mechanism, security incident response, or ANPD communication. Evidence should show controller/operator mapping, lawful basis, transparency notice, rights response, transfer analysis, incident decision, DPO involvement, and ANPD remediation record where applicable. - Name one accountable owner and one reviewer for the Incident Reporting To Anpd workflow. - Keep source screenshots or source links, decision notes, implementation tickets, and approval records together. - Use dated evidence for deadlines, notices, risk assessments, contracts, user journeys, and regulator-facing records. - Review the evidence after product changes, new markets, new vendors, enforcement updates, or material changes in the source text. Sources for this answer: - [ANPD Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/guia-vf.pdf?ref=sorena.io) - ANPD security guidance supports practical incident-prevention and response controls for small processing agents under the LGPD. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/ANPD-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Evidence and ownership support for Brazil LGPD. - [Resolução CD/ANPD nº 1, de 28 de outubro de 2021](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-1-de-28-de-outubro-de-2021-358517513?ref=sorena.io) - ANPD procedural rules support keeping incident records, communications, and authority interactions traceable during review. ## Which edge cases should teams check before relying on a Incident Reporting To Anpd decision? Most LGPD mistakes happen at the boundary between controller and operator duties, consent and other lawful bases, academic or public-interest processing, international transfers, and incident notification thresholds. Apply this section before approving a processing activity, vendor arrangement, transfer, rights workflow, child-data handling, or incident response under LGPD. If evidence is missing, block progression and raise a review task. - Check whether the rule changes for minors, consumers, business users, public-sector bodies, regulated sectors, high-risk services, or cross-border transfers. - Separate binding law, regulator guidance, consultation material, standards, and enforcement commentary in the evidence record. - Do not rely on a previous answer if the data categories, user interface, vendor role, or contractual flow changed. - Track unresolved assumptions in an open-questions section and route legal interpretation points for review. Sources for this answer: - [ANPD Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD incident guidance explains how Article 48 LGPD and Resolution 15/2024 apply to controller communications to ANPD and affected data subjects. - [ANPD Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/guia-vf.pdf?ref=sorena.io) - ANPD security guidance supports practical incident-prevention and response controls for small processing agents under the LGPD. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/ANPD-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Boundary and edge-case support for this artifact page. - [Resolução CD/ANPD nº 1, de 28 de outubro de 2021](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-1-de-28-de-outubro-de-2021-358517513?ref=sorena.io) - ANPD procedural rules support keeping incident records, communications, and authority interactions traceable during review. ## How should teams operationalize Incident Reporting To Anpd with proportionate controls? Use an LGPD workflow that captures role, purpose, lawful basis, data category, data-subject right, transfer or incident trigger, DPO review, evidence, and review date. The output should be a lawful-basis memo, role map, privacy notice update, DSAR record, transfer note, incident assessment, or ANPD response pack. - Create a short intake question that identifies the Incident Reporting To Anpd scenario. - Map the answer to a required action, evidence field, owner, reviewer, and review date. - Link related artifact pages with descriptive anchors so users can move from scope to deadlines, controls, penalties, and templates. - Update the workflow when official source material changes or when internal evidence shows recurring exceptions. Sources for this answer: - [ANPD Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD incident guidance explains how Article 48 LGPD and Resolution 15/2024 apply to controller communications to ANPD and affected data subjects. - [ANPD Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/guia-vf.pdf?ref=sorena.io) - ANPD security guidance supports practical incident-prevention and response controls for small processing agents under the LGPD. - [RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023](https://www.in.gov.br/web/dou/-/resolucao-cd/ANPD-n-4-de-24-de-fevereiro-de-2023-466146077?ref=sorena.io) - Operational implementation support for Incident Reporting To Anpd. *Recommended next step* *Placement: after the practical guidance* ## Turn Brazil LGPD Incident Reporting To Anpd into assigned work This artifact page provides practical inputs, owner roles, required outputs, and evidence checkpoints for incident reporting to anpd. - [Open Assessment Autopilot for Brazil LGPD](/solutions/assessment.md): Turn Incident Reporting To Anpd into scoped questions, evidence fields, and review tasks. - [Review Brazil LGPD source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with operational practice. ## Primary sources - [Lei Geral de Proteção de Dados Pessoais (Lei nº 13.709/2018), artigo 48](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm?ref=sorena.io) - LGPD Article 48 is the primary legal basis for communicating security incidents to ANPD and affected data subjects. - Quote: "O controlador deverá comunicar à autoridade nacional e ao titular a ocorrência de incidente de segurança" - [ANPD Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte](https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/guia-vf.pdf?ref=sorena.io) - ANPD security guidance supports practical incident-prevention and response controls for small processing agents under the LGPD. - Quote: "Segurança da Informação para Agentes de Tratamento de Pequeno Porte" - [ANPD Comunicação de Incidente de Segurança](https://www.gov.br/anpd/pt-br/canais_atendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis?ref=sorena.io) - ANPD incident guidance explains how Article 48 LGPD and Resolution 15/2024 apply to controller communications to ANPD and affected data subjects. - Quote: "prazo de três (3) dias úteis" - [Resolução CD/ANPD nº 1, de 28 de outubro de 2021](https://www.in.gov.br/web/dou/-/resolucao-cd/anpd-n-1-de-28-de-outubro-de-2021-358517513?ref=sorena.io) - ANPD procedural rules support keeping incident records, communications, and authority interactions traceable during review. - Quote: "processo de fiscalização e o processo administrativo sancionador" ## Related Topic Guides - [Brazil LGPD Anpd Enforcement And Fines Guide](/artifacts/latam/brazil-lgpd/anpd-enforcement-and-fines.md): Brazil LGPD guidance for Anpd Enforcement And Fines, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Applicability Test Guide](/artifacts/latam/brazil-lgpd/applicability-test.md): Practical guidance for the Brazil LGPD applicability test, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Breach Notification Guide](/artifacts/latam/brazil-lgpd/breach-notification.md): Brazil LGPD guidance for Breach Notification, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Checklist](/artifacts/latam/brazil-lgpd/checklist.md): Practical guidance for the Brazil LGPD checklist, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Compliance Guide](/artifacts/latam/brazil-lgpd/compliance.md): Practical guidance for the Brazil LGPD compliance, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Controller Operator And DPO Roles Guide](/artifacts/latam/brazil-lgpd/controller-operator-and-dpo-roles.md): Brazil LGPD guidance for Controller Operator And DPO Roles, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Data Subject Rights Guide](/artifacts/latam/brazil-lgpd/data-subject-rights.md): Brazil LGPD guidance for Data Subject Rights, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Deadlines and Compliance Calendar Guide](/artifacts/latam/brazil-lgpd/deadlines-and-compliance-calendar.md): Brazil LGPD guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD DSAR Response Template Guide](/artifacts/latam/brazil-lgpd/lgpd-dsar-response-template.md): Brazil LGPD guidance for LGPD DSAR Response Template, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD DSAR Workflow Guide](/artifacts/latam/brazil-lgpd/dsar-workflow.md): Brazil LGPD guidance for DSAR Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Incident Workflow Guide](/artifacts/latam/brazil-lgpd/incident-workflow.md): Brazil LGPD guidance for Incident Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD International Transfer Mechanisms Guide](/artifacts/latam/brazil-lgpd/international-transfer-mechanisms.md): Brazil LGPD guidance for International Transfer Mechanisms, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD International Transfers Guide](/artifacts/latam/brazil-lgpd/international-transfers.md): Brazil LGPD guidance for International Transfers, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Lawful Bases Guide](/artifacts/latam/brazil-lgpd/lawful-bases.md): Brazil LGPD guidance for Lawful Bases, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Legal Bases And Legitimate Interest Balancing Guide](/artifacts/latam/brazil-lgpd/legal-bases-and-legitimate-interest-balancing.md): Brazil LGPD guidance for Legal Bases And Legitimate Interest Balancing, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD penalties and fines Guide](/artifacts/latam/brazil-lgpd/penalties-and-fines.md): Brazil LGPD guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Privacy Law FAQ](/artifacts/latam/brazil-lgpd/faq.md): Practical guidance for the Brazil LGPD FAQ, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Requirements Guide](/artifacts/latam/brazil-lgpd/requirements.md): Practical guidance for the Brazil LGPD requirements, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Ripd And DPIA Evidence Guide](/artifacts/latam/brazil-lgpd/ripd-and-dpia-evidence.md): Brazil LGPD guidance for Ripd And DPIA Evidence, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Ripd Workflow Guide](/artifacts/latam/brazil-lgpd/ripd-workflow.md): Brazil LGPD guidance for Ripd Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Small Processing Agents Guide](/artifacts/latam/brazil-lgpd/small-processing-agents.md): Brazil LGPD guidance for Small Processing Agents, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Templates Guide](/artifacts/latam/brazil-lgpd/templates.md): Practical guidance for the Brazil LGPD templates, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD Transfer Workflow Guide](/artifacts/latam/brazil-lgpd/transfer-workflow.md): Brazil LGPD guidance for Transfer Workflow, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD vs CCPA Guide](/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa.md): Brazil LGPD guidance for LGPD vs CCPA, with practical decisions, evidence, edge cases, and external source citations. - [Brazil LGPD vs GDPR Guide](/artifacts/latam/brazil-lgpd/lgpd-vs-gdpr.md): Brazil LGPD guidance for LGPD vs GDPR, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Children's Data under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/children-s-data.md): Brazil LGPD guidance for Children's Data, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Controller Operator And DPO Roles under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/controller-operator-and-dpo-roles.md): Brazil LGPD guidance for Controller Operator And DPO Roles, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Cookies under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/cookies.md): Brazil LGPD guidance for Cookies, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Incident Reporting To ANPD under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/incident-reporting-to-anpd.md): Brazil LGPD guidance for Incident Reporting To ANPD, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about International Transfer Mechanisms under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/international-transfer-mechanisms.md): Brazil LGPD guidance for International Transfer Mechanisms, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Legal Bases under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/legal-bases.md): Brazil LGPD guidance for Legal Bases, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Legitimate Interest Balancing under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/legitimate-interest-balancing.md): Brazil LGPD guidance for Legitimate Interest Balancing, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Ripd And DPIA under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/ripd-and-dpia.md): Brazil LGPD guidance for Ripd And DPIA, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sanctions Methodology under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/sanctions-methodology.md): Brazil LGPD guidance for Sanctions Methodology, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Small Processing Agents under the Brazil LGPD?](/artifacts/latam/brazil-lgpd/faq/small-processing-agents.md): Brazil LGPD guidance for Small Processing Agents, with practical decisions, evidence, edge cases, and external source citations. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/latam/brazil-lgpd/incident-reporting-to-anpd