January 28, 2022

New ANPD Resolution marks the International Data Protection Day

January 28th is the International Data Protection Day. This date, chosen on April 26, 2006 by the Council of Europe, goes back to Convention 108 of 1981, the first treaty aimed at protecting the individual’s freedoms, private life, and personal data.

This celebration highlights the relevance of the matter for society, catalyzed by technological advances and the volume of personal data used in different ways. In addition, the celebration emphasizes the need for surveillance to curb abusive practices, capable of jeopardizing the rights and freedoms of individuals.

In Brazil, this movement is already happening. This is the second year that we celebrate the date with our Brazilian General Data Protection Regulation (LGPD) in force, with the proactive role of the National Data Protection Authority (ANPD), as well as the recent approval by the National Congress of the Proposal of Amendment to the Constitution 17 (PEC 17/2019), which includes the protection of personal data into the list of fundamental rights and guarantees.

The ANPD has been publishing guidelines for those who handle personal data, as well as conducting public hearings to address issues in the LGPD. And, as a commemorative highlight for the date, it was published today the Resolution CD/ANPD no. 2, of January 27, 2022, approving the regulation of application of the LGPD for small processing agents. The differentiated regulation for micro and small businesses was already planned as per the ANPD’s Regulatory Agenda for the 2021-2022 biennium.

The Resolution refers to micro-enterprises, small businesses, and startups, provided they do not perform high-risk treatment for the data subjects.

The main point of attention refers to the fact that it is not mandatory for these agents to appoint a Data Protection Officer (DPO), as long as they provide a communication channel with the data subject. However, the Resolution clarifies that the appointment of a DPO may be considered a good practice policy for the company.

In addition, small processing agents will be granted double time:

  • in complying with the data subject’s requests;
  • in communicating to the ANPD and the data subject the occurrence of the security incident;
  • in providing clear and complete declarations, in which case the period will be 30 days.

The resolution represents a considerable progress in data protection in Brazil, since it demonstrates the ANPD’s commitment to regulating the law, especially with the aim of facilitating the business environment for those who are most sensitive.

Should you need more information about the LGPD, strategies for compliance or trends in the national and international scenarios, please do not hesitate to contact our Digital Law team at


Last related news

January 17, 2023

The Future Legal Regulation Of Artificial Intelligence In Brazil

Several Bills are being debated in the Brazilian National Congress with the objective of regulating the development and use of artificial intelligence The Future Legal Regulation Of Artificial Intelligence In Brazil

Ler notícia

January 9, 2023

New flexibility on the remittance of royalty payments abroad

In the last days of December 2022, new regulations entered into force easing up the remittance of royalty payments abroad. However, local New flexibility on the remittance of royalty payments abroad

Ler notícia

January 6, 2023

Analysis Of Evidence Of Use Became More Thorough In The Forfeiture Procedure

On December 28, 2022, the Brazilian PTO published Technical Note no. 03.2022, updating the procedures for exam of forfeiture requests, originally regulated Analysis Of Evidence Of Use Became More Thorough In The Forfeiture Procedure

Ler notícia