The National Data Protection Authority (ANPD) published CD/ANPD Resolution No. 19 on August 23, 2024. This Resolution approves the Regulation on International Data Transfer.
It is essential to highlight that the 12-month compliance deadline for this Resolution ended last Saturday, August 23, 2025. Compliance with the new regulation is, therefore, imperative for international data transfer operations.
The Resolution establishes the procedures and rules applicable to operations involving international data transfer, including those based on contractual clauses. The standard contractual clauses, drafted and approved by the ANPD, are one of the transfer mechanisms provided for in Law No. 13,709, of August 14, 2018 (LGPD).
For the international data transfer to be valid when supported by the adoption of the standard clauses, the Resolution determines that the full and unedited adoption of the text made available in Annex II is essential, via a contractual instrument signed between the data exporter and the data importer. It is important to note that other contractual provisions cannot exclude, modify, or contradict, directly or indirectly, the content of the standard contractual clauses.
Additionally, the controller must comply with transparency measures, such as making the full text of the clauses used for international data transfer available to the data subject upon request (observing commercial and industrial secrets).
The controller must also publicize clear, precise, and accessible information about the international transfer on its website (in the privacy notice), such as the purpose of the processing, the destination country, the data subjects’ rights, and the means for their exercise.
Being in compliance with the new Regulation on International Data Transfer is not just a legal obligation, but a competitive advantage that highlights the maturity of your company’s data governance program, as well as the care and transparency with which data is handled.
By Dr. Patricia Peck (CEO and Founding Partner) and Dr. Giovanna Bortoto (Business, Institutional, and Governmental Relations Manager)
The new E-Ciber represents a strategic and operational advancement by consolidating actions for prevention, incident response, institutional cooperation, and protection of the population, with special […]
BCB Resolution No. 501/2025, which amends BCB Resolution No. 142/2021, establishes strict procedures and controls for fraud prevention. The new guidelines must be adopted by […]
The Third Panel of the Superior Court of Justice (STJ) has ruled that banks and payment institutions must compensate customers who fall victim to social […]
Rua Henrique Schaumann, nº 270, 4º andar
Edifício Pinheiros Corporate,
São Paulo – SP | CEP: 05413-909
(11) 2189-0444