Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Regulatory agenda of the Brazilian national data protection authority for the 2021-2022 biennium

By Patricia Barbosa and Isabella Rovesta
February 19, 2021
  • General
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On January 28, 2021, due to the Data Privacy Day, the Brazilian National Data Protection Authority (“ANPD”), through Ordinance No. 11, made public the Regulatory Agenda approved by the Directing Council for the 2021-2022 biennium, through which it lists the topics to be regulated by the ANPD in this period and the respective deadlines for its beginning.

The agenda foresees the regulation of the so-called ‘priority aspects’. The deadlines defined by the ANPD for the regulation of these topics are divided into 3 distinct phases, highlighting that the scheduled date indicates the beginning of the regulation process, not its conclusion.

Although Ordinance No. 11 provides for the beginning of the regulatory process to take place in up to 1 year, for the aspects comprising phase 1, 1 and a half year for phase 2 and up to 2 years for the aspects comprising phase 3, Appendix I of the Ordinance, although it may still be changed, brings more optimistic forecasts for the beginning of the regulations, as shown in the schedule below:

Aspects / SubjectsPhaseForecasting beginning of the regulatory process
Publication of the First Internal Rules of the ANPD11st semester of 2021
Publication of ANPD’s Strategic Planning for the 2021-2023 triennium11st semester of 2021
Edition of simplified and differentiated rules, guidelines and procedures for adaptation of micro and small businesses to the LGPD1 , as well as startups and individuals who process personal data under economic purposes – according to article 55-J, XVIII of the LGPD11st semester of 2021
Establishment of rules for the application of administrative sanctions provided for in article 52 of the LGPD, including the calculation of the base value of fines and the circumstances and conditions for their appliance11st semester of 2021
Regulation of the notification, by the Controller to the ANPD, of security incidents, as provided for in article 48 of the LGPD, including deadline, templates and procedure for forwarding the information11st semester of 2021
Edition of Regulations and Procedures on Data Protection Impact Assessments in cases on which the processing represents a high risk to the guarantee of the general principles of personal data protection11st semester of 2021
Establishment of complementary rules on the definition and duties of the DPO, appointed by Controllers, pursuant to article 41, §3 of the LGPD21st semester of 2022
Regulation of International Transfer of Personal Data, including authorized countries, the assessment of the level of protection of personal data and the standard contractual clauses that allow the transfer21st semester of 2022
Regulation of the data subjects rights already provided for in the LGPD31st semester of 2022
Edition of Document providing for the legal hypotheses for the processing of personal data and the consequent application of the LGPD, on various topics32nd semester of 2022

This challenging scenario and the uncertainties surrounding the LGPD should start to become less obscure in a short time. We will continue to follow all topics regarding the regulation of the LGPD and soon we expect to be able to provide more information on the development of the law and the effective start of the regulatory process for the matters set out above.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Patricia Barbosa

About Patricia Barbosa

Patricia Barbosa is a partner of the Intellectual Property, Technology, Media & Communications (TMT), and Corporate practices at Vella Pugliese Buosi e Guidoni Advogados.

All posts Full bio

Isabella Rovesta

About Isabella Rovesta

Isabella Rovesta is an associate of the Intellectual Property, Technology, Media & Communications (TMT), and Corporate practices at Vella Pugliese Buosi e Guidoni Advogados.

All posts Full bio

RELATED POSTS

  • General

New enforcement policy published by ICO demonstrating lack of resource?

Focussed enforcement action The UK Information Commissioner’s Office (ICO) recently published its new policy on regulatory and enforcement action. The […]

By Simon Elliott
  • Accountability
  • General

Dentons Privacy Community does Privacy by Design

By Nick Graham
  • General

ICO Guidance on Artificial Intelligence

By Monika Sobiecki and Nick Graham

About Dentons

Dentons is the world’s largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com.

Dentons Digital

Twitter

Categories

  • Accountability
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2021 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site