The Brazil Securities Commission (CVM) has approved its accession to an administrative arrangement designed to enable the transfer of personal data between authorities in the European Economic Area (EEA) and non-EEA authorities for securities and derivatives market regulation and supervision, in line with the European Union’s General Data Protection Regulation (GDPR). The arrangement, approved by the European Data Protection Board (EDPB) and the International Organization of Securities Commissions (IOSCO), requires signatories to maintain appropriate safeguards for processing personal data in their regulatory work. These include protections for confidentiality, limits on onward transfers to third parties (permitted only in specified circumstances), rules on personal data retention, and compensation mechanisms within the limits of applicable legal requirements.
Brazil Securities Commission (CVM) 2025-10-01
Brazil Securities Commission approves accession to GDPR administrative arrangement for personal data transfers with EEA regulators
The Brazil Securities Commission (CVM) has joined an administrative arrangement for personal data transfer between EEA and non-EEA authorities for securities and derivatives regulation, aligning with the EU's GDPR. Approved by the European Data Protection Board and IOSCO, the arrangement mandates signatories to uphold data processing safeguards, including confidentiality, restricted onward transfers, data retention rules, and compensation mechanisms.