On 28 January 2021, Brazil’s National Data Protection Authority (ANPD) published its Regulatory Agenda for the 2021-2022 biennium. The regulatory Action Plan is divided into three phases.
The first phase, to be completed by the end of the second half of 2021, includes internal regulation actions and strategic planning, in addition to the resolution on data protection and privacy for SMEs and start-ups. The second group, with its start date expected by the end of the first half of 2022, includes regulation on cross-border data transfer and guidelines on the method of calculating fines. The third group of action areas is expected to be launched by the end of the second half of 2022 and includes regulation on the rights of data subjects and best practice guidelines to inform the wider public on the lawful basis for processing data.
The Regulatory Agenda lays out regulatory priorities around relevant topics such as the transfer of personal data to other jurisdictions. Although the law provides that personal data transfer is allowed to countries or international organizations with an adequate level of personal data protection, the ANPD must now evaluate what constitutes this adequate level and how it can be assessed. Additionally, the Agenda will serve as the backbone for the National Policy on Data Protection and Privacy to be issued by the Authority.
The ANPD is now seeking stakeholder input on the specific regulation for SMEs and start-ups. ANPD’s General Coordination for Standardization is available to hold meetings with public and private agents interested in the topic. The consultation is open until the 1st March.
Access Partnership is closely monitoring all developments regarding LGPD. For more information regarding this matter or to get involved in the consultation, please contact Paula Rabacov.