...

International Data Transfer

Estimated reading: 3 minutes

According to Resolution No. 19 of the National Data Protection Authority (ANPD), it will be necessary to adapt the existing contracts between companies that carry out the international transfer of personal data.

The ANPD has established standard contractual clauses that must be incorporated into our contracts to ensure that international transfers of personal data are carried out in accordance with the protection standards required by the General Data Protection Law (LGPD). Resolution No. 19, of August 23, 2024, regulates articles 33 to 36 of the LGPD, establishing procedures and rules for the recognition of adequacy of other countries or international organizations, as well as disciplining contractual mechanisms for carrying out international transfers of personal data.

1. What does ANPD Resolution No. 19 establish?

Resolution No. 19, dated August 23, 2024, from the National Data Protection Authority (ANPD), requires the adaptation of contracts between companies that carry out the international transfer of personal data.

2. What clauses must be incorporated into contracts?

The ANPD has established standard contractual clauses that must be included in contracts to ensure that international transfers of personal data comply with the protection standards required by the General Data Protection Law (LGPD).

3. Which articles of the LGPD are regulated by this resolution?

Resolution No. 19 regulates Articles 33 to 36 of the LGPD, establishing rules and procedures for recognizing the adequacy of other countries or international organizations, as well as regulating contractual mechanisms for international data transfers.

4. In what situations can international data transfers occur?

Some common situations include:

  • Storage in Data Centers Abroad: When personal data is stored on servers outside Brazil, such as cloud computing services (AWS, Azure).
  • Customer Service Outsourcing: Companies that hire call centers or support teams based in other countries.
  • Software as a Service (SaaS) Solutions: Management platforms, corporate emails (Google Workspace, Microsoft 365), and CRM systems that store data on servers outside Brazil.
  • Research and Development Partnerships: Sharing personal data for analysis, studies, or innovation with companies located abroad.

5. What is the deadline to report the existence of international data transfers?

We request that, within 10 (ten) days, you inform us whether there is an international transfer of personal data within the scope of your contract, so that we can adapt it to the requirements of ANPD Resolution No. 19/2024.

6. What information must be provided?

6.1. What service does Almaden provide?

Almaden provides IT asset management and digital experience services, including:

  • Collective IQ® ITAM: A solution for inventory and monitoring of hardware, software, licenses, and subscriptions.
  • Collective IQ® DEX: A solution for improving employees’ digital experience.
6.2. Does the service involve international data transfer? If so, to which countries?

Yes, there is an international data transfer. Our infrastructure is hosted in the United States, in an AWS Data Center.

6.3. What personally identifiable information is collected from end users?

The collected data includes:

  • User name (login ID).
  • Equipment location information, if geolocation has been enabled by the subscriber.
  • Information related to MS Teams usage, if integration with MS Teams has been enabled.
6.4. Who is responsible for this information?

7. Where can I get more information on this subject?

We are available to clarify any doubts on the matter.

Share this Doc

International Data Transfer

Or copy link

Table of Contents
Scroll to Top