News

Newsletter

ANPD publishes its internal procedure rules

Published in the Official Gazette on March 9th, 2021, Ordinance No. 01 stipulates the Brazilian National Data Protection Authority’s (ANPD) internal procedure rules, defining its competencies of the organizational units, the procedures, and the decision-making instruments of the body.
As per Law No. 13,709/2018 (the Brazilian General Data Protection Law – LGPD) itself, the organizational structure of the ANPD is composed by the Board of Directors and its advisory body, the National Council for Data Protection and Privacy. The Ordinance details the existence of internal bodies for coordination, ombudsman, and legal counsel. It also creates the function of “Project Manager”, who will report directly to each of the five directors members of the Board of Directors, which is the ANPD’s highest directive body.
The Ordinance also determines that the decisions of the Board of Directors must be made in Deliberative Meetings or Deliberative Rounds, by simple majority, with an absolute majority of its members present. As provided by the internal regiment, the Board of Directors will hold at least one Deliberative Meeting a month, either in person or by videoconference, to analyze the processes underway at the ANPD. The meetings will be public, except when wide publicity may violate a secrecy protected by law or someone's privacy, in which case disclosure will be restricted to the parties and their attorneys.
Among the Board's competencies, the following stand out:
 
(i) the edition of regulations and procedures, including addressing data protection impact assessment reports;
(ii) the setting up of minimum technical standards to be applied in anonymization processes and as security measures;
(iii) the definition of standard contractual clauses’ content, as well as the verification of specific contractual clauses for international transfers, global corporate standards, certificates and codes of conduct;
(iv) the deliberation regarding requirements on levels of protection of personal data from other countries; and
(v) the review of sanctions applied by the General Inspection Office.
As for the deadlines, the regulation provides for that requests for examination for thirty (30) days, extendable for another thirty (30) to each board member. The Deliberative Round should take place from seven (7) to thirty (30) days.
The ANPD will also have a General Secretariat, a General Administration Coordination and a General Institutional and International Relations Coordination. In addition, the functions of the Internal General’s Office, the Ombudsman's Office and the Legal Office, the General Coordination of Standardization and the General Coordination of Technology and Research have been created and set up.
Among other departments, the General Inspection Coordination was also created, whose competencies are
 
(i) to make first instance decisions in the ANPD's administrative sanctioning proceedings;
(ii) request data processing agents to submit Personal Data Protection Impact Assessment reports;
(iii) receive notifications of security incidents;
(iv) perform audits, or determine their performance, within the scope of its inspection activities; and
(v) communicate to the competent authorities any criminal infractions of which might come to its knowledge.
Regarding the review of the ANPD's decisions, the highest instance of appeal in matters within the Authority's jurisdiction is the Board of Directors. The ANPD's decisions issued when the Board of Directors functions as a single instance may be subject to a request for reconsideration, duly justified.
Finally, the regulation defines administrative procedures, such as the body's decision-making framework, as well as procedures relating to public hearings and consultations, the issuance of normative acts, legal interpretations, and the establishment of understandings on matters related to the protection of personal data.
Should you be interested in further details about the ANPD’s functions and procedures, please do not hesitate to contact our Digital Law team at digital@kasznarleonardos.com.
 
Back

Last related news

September 6, 2022

Brazilian National Health Surveillance Agency authorizes exceptional drug and vaccine use against Monkeypox by the Ministry of Health

The Ministry of Health (MH) sent Brazilian National Health Surveillance Agency (Anvisa) a request for exemption from the sanitary registration, on an Brazilian National Health Surveillance Agency authorizes exceptional drug and vaccine use against Monkeypox by the Ministry of Health

Ler notícia

August 16, 2022

Brazilian National Health Surveillance Agency (ANVISA) decides to ban Carbendazim

On August 8th, 2022, during the 12th Extraordinary Public Meeting of DICOL, ANVISA’s Collegiate Board of Directors announced the completion of the toxicological Brazilian National Health Surveillance Agency (ANVISA) decides to ban Carbendazim

Ler notícia

July 19, 2022

Carbendazim toxicological revaluation about to be completed by ANVISA

In December 2019, ANVISA started the process of toxicological revaluation of the Active Ingredient (AI) Carbendazim, as signs of toxicity were identified Carbendazim toxicological revaluation about to be completed by ANVISA

Ler notícia