The General Data Protection Law (Lei Geral de Proteção de Dados, or LGPD) in Brazil establishes the rules for the protection of personal data. The LGPD does not specifically mention log monitoring as a requirement, however, it does require that data controllers and processors implement adequate technical and organizational measures to protect personal data, including the monitoring of the processing of personal data.
Article 43 of the LGPD sets out the requirements for the implementation of technical and organizational measures for data protection, which include:
"I - the adoption of appropriate measures for the protection of personal data against unauthorized access, manipulation, loss, or destruction;
II - the adoption of procedures for regular monitoring and review of the processing of personal data."
Requirement of security log monitoring
The LGPD does not specifically mention log monitoring, the requirement for the adoption of procedures for regular monitoring and review of the processing of personal data suggests that log monitoring is an important aspect of the protection of personal data in Brazil. This is in line with best practices for data protection and security, which typically include the implementation of log monitoring to detect and respond to security incidents. But it does require data controllers and processors to implement adequate technical and organizational measures to protect personal data, and that includes the monitoring of the processing of personal data. Additionally, Article 43 of the LGPD sets out the requirements for implementing technical and organizational measures for data protection, and it does mention the adoption of procedures for regular monitoring and review of the processing of personal data, which suggests the importance of log monitoring in Brazil.
Comentarios