Amid this growing concern, the National Data Protection Authority, ANPD , stands out as a central body in Brazil. But what exactly is it and what are its functions?
In this article, we will explain what the ANPD is and its functions, exploring how this public administration has been playing a role in regulating and protecting data in Brazil.
Follow!
What is ANPD?
The National Data Protection Authority (ANPD) is a body of the Brazilian federal public administration, established with the objective of monitoring, implementing and guiding the execution of the General Law on the Protection of Personal Data. The ANPD plays a fundamental role in guaranteeing the privacy and protection of personal data, establishing clear guidelines for organizations that carry out:
Collect;
Storage;
Treatment; and
Sharing of personal information.
Created to act as an independent regulatory body, the ANPD has technical and decision-making autonomy, although it is linked to the Ministry of Justice. Its functions range from the preparation of standards and guidelines for the application of the LGPD to the monitoring of data processing practices carried out by companies and public bodies.
Furthermore, the body is responsible for australia business mailing list promoting awareness about the importance of data protection among the population and entities, providing guidance on the rights and duties of each party involved.
Its creation represents a significant step for Brazil in adapting to global data protection trends, aligning itself with international regulations such as the European Union's GDPR (General Data Protection Regulation).
Understand the functions of ANPD and its competences
Created under the aegis of the General Data Protection Law, the ANPD is the government entity responsible for monitoring, implementing and ensuring compliance with the standards established for the protection of personal data.
Its functions cover a broad spectrum, aimed at promoting the security of citizens' personal data, as well as trust in the processing of such data by companies and institutions. Below, we will list some of the main functions and competences of the National Data Protection Authority:
1. Regulation and supervision
The ANPD is responsible for developing guidelines for the national data protection and privacy policy, as well as monitoring and applying sanctions in case of non-compliance with the LGPD. This includes conducting audits and investigating data processing practices that may violate the legislation.
2. Guidance and education
One of the ANPD's responsibilities is to promote education and awareness about the importance of protecting personal data. Therefore, it involves the preparation of educational materials and the holding of activities and events that aim to inform both data subjects and organizations about their rights and obligations.
3. Standardization and regulation
To ensure effective implementation of the LGPD, the ANPD has the power to establish technical norms, standards and criteria for the security and protection of personal data . In this way, it includes specific guidelines for categories of sensitive data, international data transactions and security measures to be adopted by organizations.
4. Mediation and conflict resolution
The ANPD acts as a mediation body between data subjects and organizations, offering mechanisms for resolving conflicts related to data protection. This allows for faster and more efficient handling of complaints and reports.
5. International cooperation
In an increasingly connected world, cross-border data protection is essential. The ANPD is empowered to cooperate with data protection authorities in other countries, contributing to the harmonization of data protection practices and facilitating the secure international transfer of data.
The agency’s role is therefore multidimensional, ranging from regulation and oversight to education and international cooperation. Its remit is designed to create a safe and trustworthy environment for the processing of personal data.
What sanctions are provided for?
The LGPD, through the National Data Protection Authority, establishes a series of sanctions for organizations that fail to protect personal data as required by law.
The penalties are designed to ensure that organizations take data protection seriously, emphasizing the importance of adhering to established security and privacy practices. Penalties can vary depending on the severity of the violation and include:
Warning : this is one of the mildest sanctions, accompanied by a deadline for the organization to adopt corrective measures. It serves as an alert to the need for adjustments in data processing practices to ensure compliance with the LGPD;
Simple fine : can reach 2% of the company's revenue, limited to a total of 50 million reais per violation. This penalty is applied in cases of specific violations of the LGPD, reflecting the severity of the non-compliance;
Daily fine : in addition to the simple fine, the ANPD may impose daily fines as a way of compelling the organization to correct the infraction committed. This approach aims to encourage the rapid correction of inadequate data processing practices;
Publication of the violation : the agency may determine the publication of the violation after it has been duly investigated and confirmed, serving as a form of penalty that exposes the organization's failure to comply with the LGPD. This directly impacts the company's image before the public and the market;
Blocking of personal data related to the infraction until regularization : in cases of serious infractions, the ANPD may block personal data related to the infraction until the organization demonstrates compliance, preventing the use of such data.
Organizations may also face more severe sanctions, such as the deletion of personal data, which may be ordered by the ANPD in situations where the violation compromises the security and privacy of the data processed.
Learn more about ANPD and its guidelines
To deepen your knowledge of the ANPD and fully understand the guidelines and focus areas defined by the entity, we invite you to download the exclusive e-book created by the BigDataCorp team. This information-rich resource offers a detailed overview of data protection practices, as well as exploring emerging topics that will be prioritized in the guidelines and inspections.
Don’t miss the opportunity to stay informed and ahead of the curve when it comes to personal data protection in Brazil. Download our e-book on the ANPD right now and take a step forward in understanding and applying best practices in privacy and data protection.