On 08 November, the ANPD has approved its Regulatory Agenda to years 2023-2024, defining the priorities and schedule of the Authority’s action in the period, granting greater transparency and publicity to the regulatory process on personal data matters.
In its Regulatory Agenda, the Authority has divided its operation into four phases. In Phase 1, the items that had their regulatory process started during the Regulatory Agenda 2021-2022 and are unfinished will be continued, being considered as priorities.
In this Phase, the following subjects can be highlighted: (i) regulation on the dosimetry of the administrative sanctions; (ii) creation of additional rules on the appointment of a DPO; (iii) establishment of the deadline and form for security incident’s notices; and (iv) ruling on international personal data transfers.
Moreover, Phase 2 includes items that shall have their regulatory process started on at least a year, such as the establishment of additional rules to the LGPD regarding data processing involving minors’ data, as well as the creation of criteria to recognize governance and best practices policies.
Phase 3 covers topics in which the regulatory process shall begin on no more than eighteen months. Some noteworthy examples here are the publishing of technical standards by the ANPD regarding security, technical and administrative measures for the adequate personal data processing, as well as the creation of guidelines on the use of artificial intelligence on data processing, among others.
At last, Phase 4 provides only one item that will have its regulatory process started on at least two years, the development of rules and regulation on the criteria and requirements for the signing of Conduct Adjustment Agreements between the data processing agents and the Authority.
Our team is at your disposal for further clarifications, as well as to provide assistance with the procedures for fulfilling LGPD and/or ANPD regulatory obligations.