On International Data Protection Day, the National Data Protection Authority (ANPD) published its regulatory agenda for 2021-2022.

On January 28, 2021, a date celebrated as International Data Protection Day, the National Data Protection Authority (ANPD) published its regulatory agenda for the next 24 months. This agenda includes initiatives to establish complementary regulations regarding the following matters:

Estimated to start in the 1st semester of 2021

• ANPD’s bylaws and strategic planning (including goals and strategic actions);
• Data privacy for SMEs, startups, and individuals;
• Administrative sanctions, including the methodology for the calculation of monetary penalties;
• Notification of a personal data breach and specification of notification deadlines; and
• Data Protection Impact Assessments (DPIA).

Estimated to start in the 1st semester of 2022

• Data subject’s rights, including but not limited to Arts. 9 (Ease of Access), 18 (List of Rights), 20 (Request for Review of Automated Decision Making) and 23 (Data Processing by Public Authorities);
• Definition and duties of the Data Protection Officer (DPO), including those situations in which the appointment of a DPO may be waived, according to the nature and the size of the entity or the volume of data processing operations; and
• International data transfers.

Estimated to start in the 2nd semester of 2022

• Guidance on the legal bases for data processing.

Our team is closely monitoring all developments regarding LGPD and assisting clients on compliance projects. For more information regarding this matter, please e-mail us at privacy@lickslegal.com.

‍