What has changed in the LGPD for small data processors?

The National Data Protection Authority (ANPD) issued Resolution No. 2 of January 27, 2022, in order to regulate the processing of personal data carried out by small-scale processing agents, which are microenterprises, small businesses, startups, legal entities under private law, including non-profit entities, natural persons and depersonalized private entities that carry out data processing.

The main changes were:

Possibility of keeping records of personal data processing in a simplified way;

Flexibility or simplified procedure for reporting data security incidents;

No obligation to maintain a Data Protection Officer for the processing of personal data;

Possibility of establishing a simplified information security policy;

Granting double the period to respond to requests from data subjects, requirements from the National Data Protection Authority and communication of security incidents.

The new rule applies to any small-scale processing agents, except if: (i) they perform high-risk processing on data subjects; (ii) they earn gross revenue above the legal limits for small businesses and startups; or (iii) they belong to an economic group whose gross revenue exceeds the legal limit for small businesses and startups.

What has changed in the LGPD for small data processors?

Destaques

Related articles on the topic

Update of Federal Court Deposits by IPCA Regulated

Health Insurance Plans May Deny Medication Not Listed on the ANS List

Health Insurance Plans May Deny Medication Not Listed on the ANS List

Quick Reads

Receipt of insurance by a company does not generate payment of federal taxes — For company

Real Estate Holding Company: Tax Authorities May Review the Asset Value for Calculating the ITCMD — For you

Social Security Compensation: STJ Maintains Ban on Settling Debts After eSocial with Credits from Periods Prior to the System — For company