Brazilian Data Protection Authority (ANDP)

Technical Note No. 33/2022, published by the Brazilian Data Protection Authority (ANPD), proposes a template for a Record of Personal Data Processing Activities (ROPA) for small processing agents, whether controllers or processors.

The proposed template is under public consultation until December 4, 2022, with a definitive version expected to be published in 2023.

The Brazilian Data Protection Authority (ANPD) has issued important guidance covering a variety of privacy aspects including security measures, determining controller and processor capacities, and how the ANPD administrative process will be applied to investigating companies and imposing penalties.

Continue reading.

On October 4, 2021, the Brazilian Data Protection Authority (ANPD) published a guide and a checklist on information security measures for small data processing agents. The guide covers measures such as contract management, information security policy and access controls. Such measures are necessary for the fulfillment of the security principle in the Brazilian General Law

On September 18, 2021, most articles of the Brazilian General Data Protection Law (LGPD) will have been effective for one year. During this period , several lawsuits have been filed and some judicial decisions have been published. In addition, ANPD (National Data Protection Authority) issued some guidance relevant to understanding the regulatory scenario, as well

On August 30, 2021, the Brazilian Data Protection Authority (ANPD) published a draft resolution on the application of the Brazilian General Data Protection Law (LGPD) for small businesses that process personal data. The draft presents exemptions with respect to several obligations provided for in the LGPD, especially for microenterprises, small businesses, startups and non-profit legal