"LGPD" Lei Geral de Proteção de Dados Pessoais (Brazilian General Data Protection Law)

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

Six years after its enactment and four years after it entered into force, on July 17, 2024, the Brazilian Data Protection Agency (Autoridade Nacional de Proteção de Dados (ANPD)) has issued a regulation developing the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais (LGPD)) and clarifying the regulatory framework for Data Protection Officers (DPOs) in Brazil (ANPD Resolution No. 18/2024, the “Resolution”).

Article 41 of the LGPD establishes that data controllers must appoint a data protection officer (DPO), details their main responsibilities, and requires that the DPO’s identity must be made public. It also invites the ANPD to establish complementary rules for the definition and attribution of the person in charge, including cases of exemption from the appointment requirement, depending on the nature and size of the entity or the volume of the data processing operations.Continue Reading New ANPD Resolution on the Statute of Data Protection Officers in Brazil