Newsletter
30 de October de 2023
ANVISA’s Personal Data Protection Policy is released
On October 19, 2023, the Federal Official Gazette (DOU) published Administrative Order 1,184/2023, which provides for the National Health Surveillance Agency’s (Anvisa) conformity with the Personal Data Protection Policy and, consequently, the compliance of its internal processes with the General Personal Data Protection Law – Law 13.709/2018 (LGPD).
Anvisa’s aim is to implement internal guidelines for the protection of personal data. It also aims to comply with legislation when carrying out its activities, safeguarding privacy through rules and guidelines; which on one side preserve transparency and access to public information, and on the other side aim to protect the freedoms and rights of individuals. In this way, the Policy is targeted at the processing of personal data, safeguarded by the Agency, which will be done through its civil servants, employees, contractors, trainees, suppliers, service providers, or anyone involved in the Agency’s processes.
In this sense, the Policy determines that Anvisa’s personal data processing activities should be configured within parameters and principles, observing good faith:
Free Access: guarantee data subjects information for free, with easy consultation, about how their data will be processed and for how long, in accordance with Art. 6, IV of the LGPD;
Security: use technical and administrative measures with the aim of guaranteeing the protection of personal data from unauthorized access; and from adverse or illicit situations in the attempt to destroy, lose, alter, communicate, or disseminate the personal data of a data subject, according to Art. 6, VII of the LGPD;
Prevention: adopting preventive measures, in order to prevent possible incidents of damage as a result of the processing of personal data, in accordance with Art. 6, VIII of the LGPD; and
Responsibility and Accountability: demonstrate and prove that it has adopted efficient and appropriate measures for observing and complying with the rules on the protection of personal data, as provided for in Art. 6, X of the LGPD.
Some of the areas of ANVISA’s activities that require data processing include: product registration and renewals at ANVISA; applications for certificates and authorizations; complaints and notifications of adverse situations; applications for health inspections and inspections; and requests made to ANVISA by the public.
The publication of ANVISA’s Personal Data Protection Policy is in harmony with the objectives proposed in the Agency’s 2020-2023 Strategic Plan, which establishes the goal of improving regulatory quality in health surveillance, strengthening technical excellence in management and regulation and modernizing data processing systems.
For more content related to this matter, don’t hesitate to contact us at regulatorio@kasznarleonardos.com and digital@kasznarleonardos.com.
Last related news
9 de July de 2025
Tracking and Telemetry in the Fight Against Software Piracy: An Analysis Under the LGPD and GDPR
The use of telemetry and tracking technologies by software developers to detect and combat the unauthorized use of their products has become … Tracking and Telemetry in the Fight Against Software Piracy: An Analysis Under the LGPD and GDPR
1 de July de 2025
New PPH Cycle Opens for Third Quarter of 2025 – Telecommunication Applications Excluded
In accordance with Ordinance 03/2025, published by the BPTO on March 25, 2025, a new limit of 800 Patent Prosecution Highway (PPH) … New PPH Cycle Opens for Third Quarter of 2025 – Telecommunication Applications Excluded
1 de July de 2025
Brazil’s Supreme Court Partially Strikes Down Internet Law Provision, Imposes Stricter Duty of Care on Online Platforms
On Thursday, June 26, the Brazilian Supreme Federal Court (STF) issued a landmark ruling, partially invalidating Article 19 of the Brazilian Internet … Brazil’s Supreme Court Partially Strikes Down Internet Law Provision, Imposes Stricter Duty of Care on Online Platforms