Cybersecurity & Data Privacy
On January 28, 2021 (Data Privacy Day), Ordinance No. 11/2021 was published in the Brazilian Federal Official Gazette, making public the regulatory agenda of the Brazilian National Data Protection Authority (ANPD Agenda) for the 2021-2022 biennium.
The Agenda organized the several topics of the Brazilian General Data Protection Law (Law No. 13,709/2018 – LGPD) that are pending regulation by ANPD in 3 phases. The first one including initiatives expected to be implemented in up to 1 year (Phase 1), the second one including initiatives expected to be implemented in up to 1 year and 6 months (Phase 2), and the last one including activities expected to be implemented in up to 2 years (Phase 3). Please see below the topics covered by each phase:
Phase 1 – (i) ANPD Internal Regulation; (ii) ANPD Strategic Planning; (iii) Data and privacy protection for small and medium-sized companies, startups and individuals who process personal data for economic purposes; (iv) Establishment of regulations for the application of art. 52 and following of LGPD (legal sanctions); (v) Communication of incidents and specification of the notification period; and (vi) Data Protection Impact Assessment.
Phase 2 – (i) Data Protection Officer; and (ii) International Transfer of Personal Data.
Phase 3 – (i) data subject rights; and (ii) lawful processing of personal data.
Considering the number of relevant topics to be addressed, ANPD’s General Coordination of Standardization will prepare, every six months, a report with the status of each topic. The last report of 2021 will propose adjustments to the Agenda as needed.