First Monitoring Cycle Report released by the Brazilian DPA

On August 18, 2023, the Brazilian Data Protection Authority (“Brazilian DPA” or “ANPD”) released the first Monitoring Cycle Report (RCM) of the General Supervisory Office (CGF) containing an assessment of the supervisory activities of 2022, summarizing the main results of the area, and providing guidelines for the next monitoring cycle.

Through the RCM, the CGF informs the general public of the applications and communications of security incidents (CIS), as well as the measures taken by the ANPD. According to the 2022 RCM, the Authority received 1,045 (one thousand and forty-five) requests from data subjects that resulted in the filing of administrative proceedings to analyze data processing. 

These requests are the sum of complaints of violations of the Brazilian General Data Protection Law (“LGPD”) and petitions from data subjects (a request from a data subject to exercise their rights in relation to the processing of personal data). The sectors that resulted in the largest number of requests were digital platforms, finance, public, services, telecommunications, and data collectors. 

In addition, the Authority received 473 (four hundred and seventy-three) CIS cases mainly involving data theft caused by security flaws in information systems (ransomware). Public administration, health, education, finance and information technology were the main sectors that reported to the ANPD.

The 2022 RCM can be accessed here

Our team is available for further clarification, as well as to advise on the procedures for complying with the regulatory obligations of the LGPD before the Brazilian DPA.

Gustavo Flausino Coelho –

Fernando Naegele –

Matheus Chagas Lamarca –

Receba nossas novidades