LGPD application for small processing agents
On January 27, 2022, the Brazilian National Data Protection Authority (“ANPD”), published Resolution CD/ANPD No. 02, approving the regulation of LGPD application for small processing agents, which include micro-companies, startups and people who perform activities involving the processing of personal data, assuming typical obligations of controller or processor.
Regulation of the Oversight and Sanctioning Process within the ANPD
Our Privacy, Technology and Cybersecurity partners Tatiana Campello and Eduardo Magrani coordinated the making of a guideline with the main aspects about the regulation of the oversight and sanctioning process within the ANPD, with comments about its general provisions, regulated agents’ obligations, preparatory procedures, initiation and discovery, among other relevant topics.
Good Practices in Artificial Intelligence – a Guideline
Artificial intelligence is featuring more and more in our daily routines. A clear example is the popularization of the use of chatbots and virtual assistants by companies that want to optimize their customer service.
This phenomenon raises discussions involving the ethics behind the use of these tools. As with the General Personal Data Protection Law of Brazil (LGPD), companies that already adopt measures for the conscientious use of these tools will have at their disposal a huge competitive advantage.
For this reason, we have made available our “Guide to Good Practices in Artificial Intelligence”, a comprehensive document with guidelines for the ethical and responsible use of AI and which enables companies to intensify the use of this technology while ensuring respect for mandatory compliance measures.
Timeline – summary of the Brazilian National Data Protection Authority (ANPD) activities
The ANPD is already constituted, and has defined a regulatory plan for the next 2 years that provides for the publication of resolutions, ordinances and guidelines on the main aspects of the LGPD.
At the end of 2020 the ANPD website was created, where the main activities that have been adopted and promoted is published.
We have specialized teams with experience in advisory and litigation counseling that assist in the identification, management, prevention and mitigation of risks, from prior planning and evaluation to incident response, with a focus on providing our clients with practical advice.
Our clients benefit from our multidisciplinary team to deal with all matters, as well as relationships with information and data security service providers.
Privacy and Personal Data Protection
— Mapping of the flow of personal data, recommendations of legal grounds for processing and legal risks (gap analysis) and Legal Recommendations Report;
— Drafting and review of documents related to Privacy;
— Communication with and representation before the Brazilian National Data Protection Authority (ANPD);
— Specific legal consultation for the creation of products and services involving the processing of personal data (privacy by design)
— Legal consultation on marketing practices involving personal data, use of personal data in regulated sectors and on the use of databases (big data);
— Training and qualification on topics involving the Brazilian General Data Protection Law (“LGPD”), both general and on-demand (Training for the DPO; Training for the HR area; Overview for the entire organization; Training for the Privacy Committee, Training for clients and suppliers, among others).
Technology and Artificial Intelligence
— Governance of algorithms and Artificial Intelligence (AI). ;
— Smart contracts;
— Advice and awareness-raising on best practices and ethical frameworks for AI;
— Algorithmic auditing and risk and impact mapping;
— Advice on privacy, security and ethics by design;
— Advice on Digital Law demands and requirements;
— Advice on the use of technologies related to the Internet of Things (IoT).
— Support in identifying the degree of risk or existence of relevant damage to the data subjects, in the event of a security incident;
— Crisis management resulting from a security incident;
— Preparation of security incident notification to the Brazilian National Data Protection Authority (ANPD) and to data subjects;
— Support in hiring information security providers for the provision of forensic services;
— Review of the Information Security Policy and Incident Response Plan;
— Staff training;
— Support in contingency planning with the press, clients, authorities, and data subjects.