b ra z i l d pa - th e a n p d th e c a s e f o r a n e ffecti ve€¦ · i n t e r p re tin g , a...
TRANSCRIPT
The Brazilian government must establish the ANPDimmediately, regardless of the applicability date of the LGPD.The ANPD should become operational as quickly as possibleand prioritize its activities in the most effective manner.
The case for an effectiveBrazil DPA - the ANPD
The ANPD should be established immediately. It should prioritise its activitiesto provide interpretation of the LGPD and guidance to organisations to enable
proper implementation and compliance.
WHAT IS THE ANPD ANDWHY BRAZIL NEEDS IT
The ANPD, or Autoridade Nacional de Proteção de Dados, will be the first dataprotection authority to be established in Brazil. The ANPD will have a key role ininterpreting, applying and enforcing the new Brazilian data protection law – Lei Geral deProteção de Dados Pessoais (LGPD).
The ANPD will be of central importance to:
Ensure the effectiveness and success of the LGPDGuarantee that personal data of Brazilians is used in a responsible wayBring legal certainty and clarity to regulated organizations
Regardless of the applicability date of the LGPD, its provisions concerning the ANPD arealready in force. Because much of the regulatory guidance of which the ANPD isresponsible must be provided to organizations well before the effective date of theLGPD to ensure proper implementation and compliance, the ANPD should beestablished immediately. Additionally, in times of crisis such as the COVID-19 pandemic,it is even more important that Brazil has a technical data protection authority equippedto provide guidance on how personal data can be used for the public good.
THE ANPD PRIORITIES
Effective regulation depends oneffective strategies to make the
best possible use of availableresources. This includes
prioritizing and concentrating onregulatory activities that promisethe best outcomes for individuals
and society.
At this initial stage, the ANPDshould prioritize its activities
relating to responsive regulationand constructive engagement,
rather than deterrence andpunishment.
Defining its strategyPreparing the NationalPolicy for the Protection ofPersonal Data and Privacy
Acknowledging goodpractice Recognizing best in classexamples of accountableprivacy governance programs
Providing guidanceOn topics such as datasharing, portability,timeframes for respondingto data subject rights, etc.
Interpreting the LGPDTo clarify provisions relatingto its scope, consent,processing of children's data,etc.
Providing technicalstandardsAnd encouraging theadoption of industrystandards that will enableLGPD implementation
Enabling internationaldata transfersThrough recognizingadequacy of third countriesand establishing the variousdata transfer mechanisms
Educating on dataprotectionEducating individuals abouttheir data protection rights,and organizations abouttheir obligations
Preparing for LGPDenforcementBy establishing enforcementprocedures andimplementing mechanismsto receive complaints
To access the full paper and more information about the CIPL-CEDIS LGPD project, click here.