ANPD publishes its internal procedure rules

Published in the Official Gazette on March 9th, 2021, Ordinance No. 01 stipulates the Brazilian National Data Protection Authority’s (ANPD) internal procedure rules, defining its competencies of the organizational units, the procedures, and the decision-making instruments of the body.
As per Law No. 13,709/2018 (the Brazilian General Data Protection Law – LGPD) itself, the organizational structure of the ANPD is composed by the Board of Directors and its advisory body, the National Council for Data Protection and Privacy. The Ordinance details the existence of internal bodies for coordination, ombudsman, and legal counsel. It also creates the function of “Project Manager”, who will report directly to each of the five directors members of the Board of Directors, which is the ANPD’s highest directive body.
The Ordinance also determines that the decisions of the Board of Directors must be made in Deliberative Meetings or Deliberative Rounds, by simple majority, with an absolute majority of its members present. As provided by the internal regiment, the Board of Directors will hold at least one Deliberative Meeting a month, either in person or by videoconference, to analyze the processes underway at the ANPD. The meetings will be public, except when wide publicity may violate a secrecy protected by law or someone's privacy, in which case disclosure will be restricted to the parties and their attorneys.
Among the Board's competencies, the following stand out:
(i) the edition of regulations and procedures, including addressing data protection impact assessment reports;
(ii) the setting up of minimum technical standards to be applied in anonymization processes and as security measures;
(iii) the definition of standard contractual clauses’ content, as well as the verification of specific contractual clauses for international transfers, global corporate standards, certificates and codes of conduct;
(iv) the deliberation regarding requirements on levels of protection of personal data from other countries; and
(v) the review of sanctions applied by the General Inspection Office.
As for the deadlines, the regulation provides for that requests for examination for thirty (30) days, extendable for another thirty (30) to each board member. The Deliberative Round should take place from seven (7) to thirty (30) days.
The ANPD will also have a General Secretariat, a General Administration Coordination and a General Institutional and International Relations Coordination. In addition, the functions of the Internal General’s Office, the Ombudsman's Office and the Legal Office, the General Coordination of Standardization and the General Coordination of Technology and Research have been created and set up.
Among other departments, the General Inspection Coordination was also created, whose competencies are
(i) to make first instance decisions in the ANPD's administrative sanctioning proceedings;
(ii) request data processing agents to submit Personal Data Protection Impact Assessment reports;
(iii) receive notifications of security incidents;
(iv) perform audits, or determine their performance, within the scope of its inspection activities; and
(v) communicate to the competent authorities any criminal infractions of which might come to its knowledge.
Regarding the review of the ANPD's decisions, the highest instance of appeal in matters within the Authority's jurisdiction is the Board of Directors. The ANPD's decisions issued when the Board of Directors functions as a single instance may be subject to a request for reconsideration, duly justified.
Finally, the regulation defines administrative procedures, such as the body's decision-making framework, as well as procedures relating to public hearings and consultations, the issuance of normative acts, legal interpretations, and the establishment of understandings on matters related to the protection of personal data.
Should you be interested in further details about the ANPD’s functions and procedures, please do not hesitate to contact our Digital Law team at

Last related news

November 22, 2021

Kasznar Leonardos receives ISO 9001 certification of quality

The ISO 9001 standard recognizes operational efficiency, focusing specifically on excellent customer service and continual process improvement. Our firm has received ISO Kasznar Leonardos receives ISO 9001 certification of quality

  • Kasznar Leonardos
  • Ler notícia

    November 12, 2021

    BPTO recognizes the Right of Precedence as an argument for filing Administrative Nullities

    By Flávia Tremura and Isabella Faccioli From November 2021 the BPTO will start to accept the right of precedence of the trademark BPTO recognizes the Right of Precedence as an argument for filing Administrative Nullities

  • Kasznar Leonardos
  • Ler notícia

    September 3, 2021

    The Covid-19 pandemic triggered the issuance of new compulsory license rules for patents in Brazil

    On Sept. 2nd, 2021, Law No 14,200 was enacted to amend the Brazilian Patent & Trademark Act (BPTA) in order to change The Covid-19 pandemic triggered the issuance of new compulsory license rules for patents in Brazil

    Ler notícia