In October19, 2018, WFaria gathered financial and technology professionals to discuss the implications of the new rules brought by UN GDPR, Brazilian Data Privacy General Law (“LGPD”) and the Brazilian Central Bank resolutions about data protection, data storage and cloud computing.
It was also discussed the launching on October 16, 2018, of a Public Hearing by CVM (the Brazilian Securities and Exchange Commission) on the same subject (SDM 05/2018), signaling that in the upcoming months a similar rule shall be issued to the securities’ market. Within the Minutes of the Public Hearing
The draft instruction outlines a clear intention of CVM to require the intermediary agents to provide a Business Continuity Plan (BCP), establishing systems and procedures to be used in order to ensure continuity and return of their activities in case of interruption of critical processes.
With the inevitable increase of electronic media and technological innovations uses within financial sector, regulators in this industry have seen the need to define control rules and impose on the institutions the hiring of systems capable of dealing with cyber attacks. Thus, in the wake of Resolution 4658/18, which determines the rules for financial institutions, and Circular 3909/2018, with almost identical rules but more flexible deadlines for adaptation to payment institutions, the CVM indicates that it will not leave this breach for the entities under its supervision.
Despite the many doubts that still linger on this subject, it seemed unanimous among the participants that the new rules impose the need for a cultural change in the institutions, which will only be reached with immediate training efforts, to both employees and suppliers.
Cyber security and data protection should no longer be a matter restricted to the areas of information technology and cyber security, but to be increasingly a matter of multidisciplinary approach, which goes far beyond the analysis and adjustment of contracts with suppliers and terms with customers.
Ana Júlia Moraes, who is responsible for civil law and contracts at the firm, and Paulo Bernardo, CEO of W4M Solutions, a software and information technology development company based in Portugal, spoke about the subject.
We are planning a new round of discussions on the subject.