In January, the National Data Protection Authority (ANPD) published the LGPD Enforcement Regulation for small data processing agents. The Regulation aims to guide small data processing agents in adapting to the LGPD, based on the purviews provided in Article 55-J, item XVIII, of the Law. For the Regulation purposes, small data processing agents are micro-companies, small businesses, startups, legal entities under private law, including non-profit ones, and individuals and non-personalized private entities that process personal data, assuming obligations typical of a controller or operator.

Among the differentiated treatments foreseen for these agents, the following stand out:

  1. no obligation to appoint a personal data controller, being sufficient to provide a communication channel with the data holder;
  2. extended deadline to comply with some legal obligations, including the communication of security incidents and responding to requests from the data holders;
  3. the possibility of preparing and keeping a simplified register of personal data processing operations.

To access the published Regulation, click on the link.

❮ Back to the LGDP Express 01/22 bulletin