ANPD’s Board of Directors approves Regulation of the Oversight and Administrative Sanctioning Processes

Following the entry in force of administrative sanctions in August 2021, the Board of the National Data Protection Authority (ANPD) approved, on October 28, the Regulation of the Oversight Process and the Administrative Sanctioning Process. The Regulation  establishes the procedures for supervision, monitoring activities, guidance and preventive action, as well as determining the rules to be observed on the application of sanctions.

The Regulation stipulates that administrative proceedings may be initiated ex officio by the Office of the Coordinator-General of Oversight, at the request of the Authority or as a result of the monitoring process.

In this regard, the data processing agents may submit a proposal for a Conduct Adjustment Term (TAC) in accordance with the term established for defense, including the right to appeal after the decision. It is worth noting that the ANPD will establish the respective amounts of the sanctions to be imposed and may issue other directives.

The text also states that the ANPD is authorized to request access to the facilities of those entities subject to regulation, as well as technological resources applied, and equipment used. In addition, such regulated entities are required to provide copies of documents, either physical or digital, data and information relevant to the evaluation of personal data processing activities, within the specified period, place, format and other conditions established by the Authority, and are responsible for requesting from the ANPD confidentiality of the information provided.

Finally, the Resolution will come into force on the date of its publication and the first monitoring cycle will begin in January 2022. With this, the ANPD will be able to perform inspections, analyze the compliance or not of data processing agents, minimize risks and prevent irregular practices.

In this way, it is the aim of the Authority to be able to foster a culture of personal data protection in Brazil, through guidance and education measures for both data processors and data subjects.

This and other information can be found in our ANPD Timeline.

Demarest’s Privacy, Technology and Cybersecurity team is available for any further information or clarification on this and other topics.