Brazil

Brazil's General Data Protection Law (the "LGPD") establishes a comprehensive regulation of how personal data is processes, including how personal data is processed by natural persons and other legal entities governed by public or private laws, including through digital media. The LGPD is intended to protect the fundamental rights of freedom and privacy and free personality of natural persons.

Brazil's LGPD is applicable to any individual, group, or institution that processes data in Brazil, provides goods or services to individuals in Brazil, and collects personal data in Brazil.

LGPD was issued on August 14, 2018 and came into force on September 18, 2020.

The implementation of LGPD is under the supervision of the National Data Protection Authority (the "ANPD") of Brazil.

Huawei Cloud has issued a white paper, Huawei Cloud Compliance with Brazil LGPD, which shares our experience and practices in privacy protection and describes how we can help you comply with LGPD requirements.

Guidelines on Security Incident Reporting, issued by the ANPD on February 24, 2021 under LGPD, is also an important standard. It describes the forms the data controllers or processors need to fill in and measures they need to take in case of security events.

Brazil's National Monetary Council (the "CMN") is the supreme decision-making institution in Brazil's financial system. The CMN is in charge of formulating monetary and credit policies, approving the establishment of financial institutions and their scope of operations, and regulating capital markets.

The Central Bank of Brazil (the "BCB") is the executive body of the CMN and the highest financial authority in Brazil.

To maintain and strengthen the financial security and stability of financial institutions, Brazil's financial regulators have issued many regulations, including:

● Resolution 4,893, issued by the CMN, which specifies cybersecurity policies that the institutions regulated under the BCB shall comply with, covering requirements for data processing, data storage, and cloud computing services.

● Resolution 85, issued by the BCB, which specifies cybersecurity policies that the payment organizations authorized by the BCB shall comply with, covering requirements for data processing, storage, and cloud computing services.

● Decree No. 8,771, issued by the government of Brazil, which provides data security guidelines that entities performing data processing activities shall comply with. These guidelines focus on access control, encryption, and other measure for protecting personal data.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Brazil describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Brazil.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud. For example, if you are a payment agency authorized by the BCB, you shall comply with Circular No. 3,909 issued by the BCB to prove that your services meet the corresponding cybersecurity policies and the requirements for outsourcing data processing, data storage, and cloud computing services.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance questions, contact us or your account manager.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.